Red Hat Local Security Checks : RedHat Update for 389-ds-base RHSA-2017:0893-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.871793

Categoría: Red Hat Local Security Checks

Título: RedHat Update for 389-ds-base RHSA-2017:0893-01

Resumen: The remote host is missing an update for the '389-ds-base'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the '389-ds-base'
package(s) announced via the referenced advisory.

Vulnerability Insight:
389 Directory Server is an LDAP version 3
(LDAPv3) compliant server. The base packages include the Lightweight Directory
Access Protocol (LDAP) server and command-line utilities for server
administration.

Security Fix(es):

* An invalid pointer dereference flaw was found in the way 389-ds-base
handled LDAP bind requests. A remote unauthenticated attacker could use
this flaw to make ns-slapd crash via a specially crafted LDAP bind request,
resulting in denial of service. (CVE-2017-2668)

Red Hat would like to thank Joachim Jabs (F24) for reporting this issue.

Bug Fix(es):

* Previously, the 'deref' plug-in failed to dereference attributes that use
distinguished name (DN) syntax, such as 'uniqueMember'. With this patch,
the 'deref' plug-in can dereference such attributes and additionally 'Name
and Optional UID' syntax. As a result, the 'deref' plug-in now supports any
syntax. (BZ#1435365)

Affected Software/OS:
389-ds-base on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-2668
BugTraq ID: 97524
http://www.securityfocus.com/bid/97524
RedHat Security Advisories: RHSA-2017:0893
https://access.redhat.com/errata/RHSA-2017:0893
RedHat Security Advisories: RHSA-2017:0920
https://access.redhat.com/errata/RHSA-2017:0920

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.871793
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for 389-ds-base RHSA-2017:0893-01
Resumen:	The remote host is missing an update for the '389-ds-base'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the '389-ds-base' package(s) announced via the referenced advisory. Vulnerability Insight: 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): * An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. (CVE-2017-2668) Red Hat would like to thank Joachim Jabs (F24) for reporting this issue. Bug Fix(es): * Previously, the 'deref' plug-in failed to dereference attributes that use distinguished name (DN) syntax, such as 'uniqueMember'. With this patch, the 'deref' plug-in can dereference such attributes and additionally 'Name and Optional UID' syntax. As a result, the 'deref' plug-in now supports any syntax. (BZ#1435365) Affected Software/OS: 389-ds-base on Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-2668 BugTraq ID: 97524 http://www.securityfocus.com/bid/97524 RedHat Security Advisories: RHSA-2017:0893 https://access.redhat.com/errata/RHSA-2017:0893 RedHat Security Advisories: RHSA-2017:0920 https://access.redhat.com/errata/RHSA-2017:0920
Copyright	Copyright (C) 2017 Greenbone AG