Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2016.0350
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2016-0350)
Zusammenfassung:	The remote host is missing an update for the '389-ds-base' package(s) announced via the MGASA-2016-0350 advisory.
Beschreibung:	Summary: The remote host is missing an update for the '389-ds-base' package(s) announced via the MGASA-2016-0350 advisory. Vulnerability Insight: A vulnerability in 389-ds-base was found that allows to bypass limitations for compare and read operations specified by Access Control Instructions. When having LDAP sub-tree with some existing objects and having BIND DN which have no privileges over objects inside the sub-tree, unprivileged user can send LDAP ADD operation specifying an object in (supposedly) inaccessible sub-tree. The returned error messages discloses the information when the queried object exists having the specified value. Attacker can use this flaw to guess values of RDN component by repeating the above process (CVE-2016-4992). Affected Software/OS: '389-ds-base' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4992 RHSA-2016:2594 http://rhn.redhat.com/errata/RHSA-2016-2594.html RHSA-2016:2765 http://rhn.redhat.com/errata/RHSA-2016-2765.html https://bugzilla.redhat.com/show_bug.cgi?id=1347760 https://github.com/389ds/389-ds-base/commit/0b932d4b926d46ac5060f02617330dc444e06da1
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.