4.3 - RHSA-2017:0893

Executive Summary

Summary
Title	389-ds-base security and bug fix update

Informations
Name	RHSA-2017:0893	First vendor Publication	2017-04-11
Vendor	RedHat	Last vendor Modification	2017-04-11
Severity (Vendor)	N/A	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An update for 389-ds-base is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. (CVE-2017-2668)

Red Hat would like to thank Joachim Jabs (F24) for reporting this issue.

Bug Fix(es):

* Previously, the "deref" plug-in failed to dereference attributes that use distinguished name (DN) syntax, such as "uniqueMember". With this patch, the "deref" plug-in can dereference such attributes and additionally "Name and Optional UID" syntax. As a result, the "deref" plug-in now supports any syntax. (BZ#1435365)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the 389 server service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1435365 - Unable to dereference unqiemember attribute because it is dn [#UID] not dn syntax 1436575 - CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2017-0893.html

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-476	NULL Pointer Dereference

CPE : Common Platform Enumeration

Type	Description	Count
Application	Fedoraproject 389 Directory Server cpe:2.3:a:fedoraproject:389_directory_server:1.3.6.7:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.5.19:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.5:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.4:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.1:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.0:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.8:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.5:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.3:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.2:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.0:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.9:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.8:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.7:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.6:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.5:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.4:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.3:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.26:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.24:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.23:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.22:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.2:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.19:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.16:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.13:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.11:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.10:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.9:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.8:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.7:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.6:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.5:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.4:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.3:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.22:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.2:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.19:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.18:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.17:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.16:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.15:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.14:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.13:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.12:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.11:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.10:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.1:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.0:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.8:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.7:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.6:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.5:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.4:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.3:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.3.0.2:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.9:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.8:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.6:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.5:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.26:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.25:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.23:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.22:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.21:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.20:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.19:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.17:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.15:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.14:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.13:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.12:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.11:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.10:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.7:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.4:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.3:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.2:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.11:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.1:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:rc1:::::: cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:::::::* cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:::::::* cpe:2.3:a:fedoraproject:389_directory_server:::::::: cpe:2.3:a:fedoraproject:389_directory_server:-:::::::*	115
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*	2
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*	2
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*	2

Snort® IPS/IDS

Date	Description
2017-05-25	389-ds-base bind code execution attempt RuleID : 42362 - Revision : 2 - Type : SERVER-OTHER
2017-05-25	389-ds-base bind code execution attempt RuleID : 42361 - Revision : 2 - Type : SERVER-OTHER
2017-05-25	389-ds-base bind code execution attempt RuleID : 42360 - Revision : 2 - Type : SERVER-OTHER
2017-05-25	389-ds-base bind code execution attempt RuleID : 42359 - Revision : 2 - Type : SERVER-OTHER
2017-05-25	389-ds-base bind code execution attempt RuleID : 42358 - Revision : 2 - Type : SERVER-OTHER
2017-05-25	389-ds-base bind code execution attempt RuleID : 42357 - Revision : 2 - Type : SERVER-OTHER
2017-05-25	389-ds-base bind code execution attempt RuleID : 42356 - Revision : 2 - Type : SERVER-OTHER
2017-05-25	389-ds-base bind code execution attempt RuleID : 42355 - Revision : 2 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2017-07-13	Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZLSA-2017-0893.nasl - Type : ACT_GATHER_INFO
2017-07-13	Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZLSA-2017-0920.nasl - Type : ACT_GATHER_INFO
2017-05-03	Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2017-1087.nasl - Type : ACT_GATHER_INFO
2017-04-28	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-824.nasl - Type : ACT_GATHER_INFO
2017-04-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-0920.nasl - Type : ACT_GATHER_INFO
2017-04-13	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-0893.nasl - Type : ACT_GATHER_INFO
2017-04-13	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-0920.nasl - Type : ACT_GATHER_INFO
2017-04-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-0893.nasl - Type : ACT_GATHER_INFO
2017-04-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-0920.nasl - Type : ACT_GATHER_INFO
2017-04-13	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170412_389_ds_base_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-04-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-0893.nasl - Type : ACT_GATHER_INFO
2017-04-12	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170411_389_ds_base_on_SL6_x.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2018-08-23 21:22:47	Multiple Updates
2018-06-24 09:21:19	Multiple Updates
2017-07-14 13:24:51	Multiple Updates
2017-04-15 13:24:21	Multiple Updates
2017-04-14 13:22:13	Multiple Updates
2017-04-11 17:24:21	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	121
Snort® Rule(s)	8
Nessus® Exploit(s)	12

	Related
6.5	CVE-2017-2668
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

4.3 - RHSA-2017:0893

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU