Scientific Linux Security Update : 389-ds-base on SL7.x x86_64

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- A flaw was found in the way 389-ds-base handled
authentication attempts against locked accounts. A
remote attacker could potentially use this flaw to
continue password brute-forcing attacks against LDAP
accounts, thereby bypassing the protection offered by
the directory server's password lockout policy.
(CVE-2017-7551)

Bug Fix(es) :

- In a multi-replication environment, if operations in
one back end triggered updates in another back end, the
Replica Update Vector (RUV) of that back end was
incorrect and replication failed. This fix enables
Directory Server to handle Change Sequence Number (CSN)
pending lists across multiple back ends. As a result,
replication works correctly.

- Due to a low default entry cache size value, the
Directory Server database had to resolve many deadlocks
during resource-intensive tasks. In certain situations,
this could result in a 'DB PANIC' error and the server
no longer responded to requests. After the server was
restarted, Directory Server started with a delay to
recover the database. However, this recovery could fail,
and the database could corrupt. This patch increases the
default entry cache size in the nsslapd-cachememsize
parameter to 200 MB. As a result, out-of-lock situations
or 'DB PANIC' errors no longer occur in the mentioned
scenario.

- Previously, if replication was enabled and a changelog
file existed, performing a backup on this master server
failed. This update sets the internal options for
correctly copying a file. As a result, creating a backup
now succeeds in the mentioned scenario.

- In certain situations, if the server was previously
abruptly shut down, the
/etc/dirsrv/<instance_name>/dse.ldif configuration file
became corrupted. As a consequence, Directory Server
failed to start. With this patch, the server now calls
the fsync() function before shutting down to force the
file system to write any changes to the disk. As a
result, the configuration no longer becomes corrupted,
regardless of how the server is stopped.

See also :

http://www.nessus.org/u?881bd20c

Solution :

Update the affected packages.
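One way to confirm on a host that the update has actually landed is to look for the CVE ID in the installed RPM's changelog. The script below is an added example and is not part of the Nessus plugin or the 389-ds-base project; it assumes the errata build mentions CVE-2017-7551 in its `%changelog`, as Red Hat and Scientific Linux errata builds usually do. The sample changelog text, the packager name and the version strings in it are constructed placeholders, not the real fixed build.

```python
"""Added example (not from the plugin): check whether the installed 389-ds-base
RPM's changelog references the CVE this update fixes.

Assumption: the packager mentions the CVE ID in the RPM changelog. A match means
the fix is present; no match means the package is probably still affected, or the
changelog simply does not mention the CVE, so treat it as 'check further'.
"""
import re
import shutil
import subprocess
from typing import Optional

CVE_ID = "CVE-2017-7551"
PACKAGE = "389-ds-base"

# Constructed sample of what `rpm -q --changelog 389-ds-base` might print.
# The versions, dates and packager here are placeholders, not the real errata build.
SAMPLE_CHANGELOG_FIXED = """\
* Tue Aug 01 2017 Example Packager <packager@example.invalid> - 1.3.6.1-EXAMPLE
- Resolves: CVE-2017-7551 - password lockout bypass on locked accounts
- Resolves: Bug EXAMPLE - backup fails when a changelog file exists

* Mon Jun 05 2017 Example Packager <packager@example.invalid> - 1.3.6.0-EXAMPLE
- initial rebase
"""

SAMPLE_CHANGELOG_UNFIXED = """\
* Mon Jun 05 2017 Example Packager <packager@example.invalid> - 1.3.6.0-EXAMPLE
- initial rebase
"""


def changelog_mentions_cve(changelog: str, cve_id: str = CVE_ID) -> bool:
    """True if the CVE ID appears as a whole token (so CVE-2017-75510 does not match)."""
    pattern = re.compile(r"(?<![\w-])" + re.escape(cve_id) + r"(?![\w-])", re.IGNORECASE)
    return pattern.search(changelog) is not None


def installed_changelog(package: str = PACKAGE) -> Optional[str]:
    """Fetch the installed package's changelog via rpm; None if rpm or the package is absent."""
    if shutil.which("rpm") is None:
        return None
    proc = subprocess.run(["rpm", "-q", "--changelog", package],
                          capture_output=True, text=True)
    if proc.returncode != 0:
        return None
    return proc.stdout


def assess(package: str = PACKAGE, cve_id: str = CVE_ID) -> str:
    """Return 'fixed', 'likely-affected' or 'unknown' for the package on this host."""
    text = installed_changelog(package)
    if text is None:
        return "unknown"
    return "fixed" if changelog_mentions_cve(text, cve_id) else "likely-affected"


if __name__ == "__main__":
    print(f"{PACKAGE} vs {CVE_ID}: {assess()}")
```

Run it on the host after `yum update`; a result of `unknown` means rpm is not available or the package is not installed, and `likely-affected` should be followed up by comparing the installed NVR against the errata rather than taken as proof.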

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 102972

Bugtraq ID:

CVE ID: CVE-2017-7551
