Test ID:	1.3.6.1.4.1.25623.1.0.882687
Category:	CentOS Local Security Checks
Title:	CentOS Update for 389-ds-base CESA-2017:0893 centos6
Summary:	Check the version of 389-ds-base
Description:	Summary: Check the version of 389-ds-base Vulnerability Insight: 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): * An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. (CVE-2017-2668) Red Hat would like to thank Joachim Jabs (F24) for reporting this issue. Bug Fix(es): * Previously, the 'deref' plug-in failed to dereference attributes that use distinguished name (DN) syntax, such as 'uniqueMember'. With this patch, the 'deref' plug-in can dereference such attributes and additionally 'Name and Optional UID' syntax. As a result, the 'deref' plug-in now supports any syntax. (BZ#1435365) Affected Software/OS: 389-ds-base on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-2668 BugTraq ID: 97524 http://www.securityfocus.com/bid/97524 RedHat Security Advisories: RHSA-2017:0893 https://access.redhat.com/errata/RHSA-2017:0893 RedHat Security Advisories: RHSA-2017:0920 https://access.redhat.com/errata/RHSA-2017:0920
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.