[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87854

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2017:0893 -- centos 6 389-ds-base

ID: oval:org.secpod.oval:def:204471Date: (C)2017-04-14   (M)2018-08-24
Class: PATCHFamily: unix




389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. Red Hat would like to thank Joachim Jabs for reporting this issue. Bug Fix: * Previously, the deref plug-in failed to dereference attributes that use distinguished name syntax, such as uniqueMember. With this patch, the deref plug-in can dereference such attributes and additionally Name and Optional UID syntax. As a result, the deref plug-in now supports any syntax

Platform:
CentOS 6
Product:
389-ds-base
Reference:
CESA-2017:0893
CVE-2017-2668
CVE    1
CVE-2017-2668
CPE    8
cpe:/a:fedoraproject:389_directory_server
cpe:/o:centos:centos:6
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:redhat:enterprise_linux_server:7.0
...

© SecPod Technologies