CentOS Local Security Checks : CentOS Update for 389-ds-base CESA-2013:0503 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881658

Categoría: CentOS Local Security Checks

Título: CentOS Update for 389-ds-base CESA-2013:0503 centos6

Resumen: The remote host is missing an update for the '389-ds-base'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the '389-ds-base'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3
compliant server. The base packages include the Lightweight Directory
Access Protocol (LDAP) server and command-line utilities for server
administration.

A flaw was found in the way 389 Directory Server enforced ACLs after
performing an LDAP modify relative distinguished name (modrdn) operation.
After modrdn was used to move part of a tree, the ACLs defined on the moved
(Distinguished Name) were not properly enforced until the server was
restarted. This could allow LDAP users to access information that should be
restricted by the defined ACLs. (CVE-2012-4450)

This issue was discovered by Noriko Hosoi of Red Hat.

These updated 389-ds-base packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.4
Technical Notes, linked to in the References, for information on the most
significant of these changes.

All users of 389-ds-base are advised to upgrade to these updated packages,
which correct this issue and provide numerous bug fixes and enhancements.
After installing this update, the 389 server service will be restarted
automatically.

Affected Software/OS:
389-ds-base on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4450
50713
http://secunia.com/advisories/50713
55690
http://www.securityfocus.com/bid/55690
RHSA-2013:0503
http://rhn.redhat.com/errata/RHSA-2013-0503.html
[oss-security] 20120926 CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
http://www.openwall.com/lists/oss-security/2012/09/26/3
[oss-security] 20120926 Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
http://www.openwall.com/lists/oss-security/2012/09/26/5
http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
https://bugzilla.redhat.com/show_bug.cgi?id=860772
https://fedorahosted.org/389/ticket/340

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881658
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for 389-ds-base CESA-2013:0503 centos6
Resumen:	The remote host is missing an update for the '389-ds-base'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the '389-ds-base' package(s) announced via the referenced advisory. Vulnerability Insight: The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server enforced ACLs after performing an LDAP modify relative distinguished name (modrdn) operation. After modrdn was used to move part of a tree, the ACLs defined on the moved (Distinguished Name) were not properly enforced until the server was restarted. This could allow LDAP users to access information that should be restricted by the defined ACLs. (CVE-2012-4450) This issue was discovered by Noriko Hosoi of Red Hat. These updated 389-ds-base packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. All users of 389-ds-base are advised to upgrade to these updated packages, which correct this issue and provide numerous bug fixes and enhancements. After installing this update, the 389 server service will be restarted automatically. Affected Software/OS: 389-ds-base on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4450 50713 http://secunia.com/advisories/50713 55690 http://www.securityfocus.com/bid/55690 RHSA-2013:0503 http://rhn.redhat.com/errata/RHSA-2013-0503.html [oss-security] 20120926 CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) http://www.openwall.com/lists/oss-security/2012/09/26/3 [oss-security] 20120926 Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) http://www.openwall.com/lists/oss-security/2012/09/26/5 http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09 https://bugzilla.redhat.com/show_bug.cgi?id=860772 https://fedorahosted.org/389/ticket/340
Copyright	Copyright (C) 2013 Greenbone AG