Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2013-0263)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2013.0263

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2013-0263)

Zusammenfassung: The remote host is missing an update for the '389-ds-base' package(s) announced via the MGASA-2013-0263 advisory.

Beschreibung: Summary:
The remote host is missing an update for the '389-ds-base' package(s) announced via the MGASA-2013-0263 advisory.

Vulnerability Insight:
Updated 389-ds-base packages fix security vulnerabilities:

It was discovered that the 389 Directory Server did not honor defined
attribute access controls when evaluating search filter expressions. A
remote attacker (with permission to query the Directory Server) could use
this flaw to determine the values of restricted attributes via a series of
search queries with filter conditions that used restricted attributes
(CVE-2013-2219).

It was discovered that the 389 Directory Server did not properly handle the
receipt of certain MOD operations with a bogus Distinguished Name (DN). A
remote, unauthenticated attacker could use this flaw to cause the 389
Directory Server to crash (CVE-2013-4283).

Additionally, problems of wrong default group nobody (from upstream) as well
as the 389-ds server not starting after a reboot have been fixed (mga#10138).

Affected Software/OS:
'389-ds-base' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-2219
RHSA-2013:1116
http://rhn.redhat.com/errata/RHSA-2013-1116.html
RHSA-2013:1119
http://rhn.redhat.com/errata/RHSA-2013-1119.html
https://bugzilla.redhat.com/show_bug.cgi?id=979508
Common Vulnerability Exposure (CVE) ID: CVE-2013-4283
54586
http://secunia.com/advisories/54586
54650
http://secunia.com/advisories/54650
RHSA-2013:1182
http://rhn.redhat.com/errata/RHSA-2013-1182.html
http://directory.fedoraproject.org/wiki/Releases/1.3.0.8
https://bugzilla.redhat.com/show_bug.cgi?id=999634

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2013.0263
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2013-0263)
Zusammenfassung:	The remote host is missing an update for the '389-ds-base' package(s) announced via the MGASA-2013-0263 advisory.
Beschreibung:	Summary: The remote host is missing an update for the '389-ds-base' package(s) announced via the MGASA-2013-0263 advisory. Vulnerability Insight: Updated 389-ds-base packages fix security vulnerabilities: It was discovered that the 389 Directory Server did not honor defined attribute access controls when evaluating search filter expressions. A remote attacker (with permission to query the Directory Server) could use this flaw to determine the values of restricted attributes via a series of search queries with filter conditions that used restricted attributes (CVE-2013-2219). It was discovered that the 389 Directory Server did not properly handle the receipt of certain MOD operations with a bogus Distinguished Name (DN). A remote, unauthenticated attacker could use this flaw to cause the 389 Directory Server to crash (CVE-2013-4283). Additionally, problems of wrong default group nobody (from upstream) as well as the 389-ds server not starting after a reboot have been fixed (mga#10138). Affected Software/OS: '389-ds-base' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2219 RHSA-2013:1116 http://rhn.redhat.com/errata/RHSA-2013-1116.html RHSA-2013:1119 http://rhn.redhat.com/errata/RHSA-2013-1119.html https://bugzilla.redhat.com/show_bug.cgi?id=979508 Common Vulnerability Exposure (CVE) ID: CVE-2013-4283 54586 http://secunia.com/advisories/54586 54650 http://secunia.com/advisories/54650 RHSA-2013:1182 http://rhn.redhat.com/errata/RHSA-2013-1182.html http://directory.fedoraproject.org/wiki/Releases/1.3.0.8 https://bugzilla.redhat.com/show_bug.cgi?id=999634
Copyright	Copyright (C) 2022 Greenbone AG