Red Hat Local Security Checks : RedHat Update for 389-ds-base RHSA-2012:0813-04

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.870760

Categoría: Red Hat Local Security Checks

Título: RedHat Update for 389-ds-base RHSA-2012:0813-04

Resumen: The remote host is missing an update for the '389-ds-base'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the '389-ds-base'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

A flaw was found in the way the 389 Directory Server daemon (ns-slapd)
handled access control instructions (ACIs) using certificate groups. If an
LDAP user that had a certificate group defined attempted to bind to the
directory server, it would cause ns-slapd to enter an infinite loop and
consume an excessive amount of CPU time. (CVE-2012-0833)

Red Hat would like to thank Graham Leggett for reporting this issue.

These updated 389-ds-base packages also include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical
Notes for information on the most significant of these changes.

Users are advised to upgrade to these updated 389-ds-base packages, which
resolve these issues and add these enhancements. After installing this
update, the 389 server service will be restarted automatically.

Affected Software/OS:
389-ds-base on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
2.3

CVSS Vector:
AV:A/AC:M/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-0833
48035
http://secunia.com/advisories/48035
49562
http://secunia.com/advisories/49562
RHSA-2012:0813
http://rhn.redhat.com/errata/RHSA-2012-0813.html
https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base
https://fedorahosted.org/389/ticket/162

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.870760
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for 389-ds-base RHSA-2012:0813-04
Resumen:	The remote host is missing an update for the '389-ds-base'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the '389-ds-base' package(s) announced via the referenced advisory. Vulnerability Insight: The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. A flaw was found in the way the 389 Directory Server daemon (ns-slapd) handled access control instructions (ACIs) using certificate groups. If an LDAP user that had a certificate group defined attempted to bind to the directory server, it would cause ns-slapd to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2012-0833) Red Hat would like to thank Graham Leggett for reporting this issue. These updated 389-ds-base packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes. Users are advised to upgrade to these updated 389-ds-base packages, which resolve these issues and add these enhancements. After installing this update, the 389 server service will be restarted automatically. Affected Software/OS: 389-ds-base on Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 2.3 CVSS Vector: AV:A/AC:M/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0833 48035 http://secunia.com/advisories/48035 49562 http://secunia.com/advisories/49562 RHSA-2012:0813 http://rhn.redhat.com/errata/RHSA-2012-0813.html https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base https://fedorahosted.org/389/ticket/162
Copyright	Copyright (C) 2012 Greenbone AG