ALAS-2016-773 ---- 389-ds-baseID: oval:org.secpod.oval:def:1600485 | Date: (C)2016-12-19 (M)2023-09-26 |
Class: PATCH | Family: unix |
CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many tries.CVE-2016-5416 389-ds-base: ACI readable by anonymous user It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI could be read by an anonymous user. This could lead to leakage of sensitive information.CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not.
Platform: |
Amazon Linux AMI |