Executive Summary
Summary | |
---|---|
Title | 389-ds-base security update |
Informations | |||
---|---|---|---|
Name | RHSA-2012:0997 | First vendor Publication | 2012-06-20 |
Vendor | RedHat | Last vendor Modification | 2012-06-20 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:S/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | High |
Cvss Expoit Score | 3.9 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated 389-ds-base packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. (CVE-2012-2678) It was found that when the password for an LDAP user was changed, and audit logging was enabled (it is disabled by default), the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on" (the default option), prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif". (CVE-2012-2746) All users of 389-ds-base are advised to upgrade to these updated packages, which resolve these issues. After installing this update, the 389 server service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 829933 - CVE-2012-2678 rhds/389: plaintext password disclosure flaw 833482 - CVE-2012-2746 rhds/389: plaintext password disclosure in audit log |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2012-0997.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21476 | |||
Oval ID: | oval:org.mitre.oval:def:21476 | ||
Title: | RHSA-2012:0997: 389-ds-base security update (Moderate) | ||
Description: | 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0997-01 CESA-2012:0997 CVE-2012-2678 CVE-2012-2746 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | 389-ds-base |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23785 | |||
Oval ID: | oval:org.mitre.oval:def:23785 | ||
Title: | ELSA-2012:0997: 389-ds-base security update (Moderate) | ||
Description: | 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0997-01 CVE-2012-2678 CVE-2012-2746 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | 389-ds-base |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27822 | |||
Oval ID: | oval:org.mitre.oval:def:27822 | ||
Title: | DEPRECATED: ELSA-2012-0997 -- 389-ds-base security update (moderate) | ||
Description: | [1.2.10.2-18] - Resolves: Bug 830001 - unhashed#user#password visible after changing password -- patch 0020 disallows users' direct modify on unhashed#user#password [1.2.10.2-17] - Resolves: Bug 830001 - unhashed#user#password visible after changing password -- patch 0019 fixes deref issue. [1.2.10.2-16] - Resolves: Bug 830001 - unhashed#user#password visible after changing password - Resolves: Bug 830256 - Audit log - clear text password in user changes | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0997 CVE-2012-2678 CVE-2012-2746 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | 389-ds-base |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for 389-ds-base CESA-2012:0997 centos6 File : nvt/gb_CESA-2012_0997_389-ds-base_centos6.nasl |
2012-06-22 | Name : RedHat Update for 389-ds-base RHSA-2012:0997-01 File : nvt/gb_RHSA-2012_0997-01_389-ds-base.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1041.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0997.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120620_389_ds_base_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-07-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0997.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0997.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:56:05 |
|