Scientific Linux Security Update : 389-ds-base on SL6.x i386/x86_64

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- An invalid pointer dereference flaw was found in the way
389-ds-base handled LDAP bind requests. A remote
unauthenticated attacker could use this flaw to make
ns-slapd crash via a specially crafted LDAP bind
request, resulting in denial of service. (CVE-2017-2668)

Bug Fix(es) :

- Previously, the 'deref' plug-in failed to dereference
attributes that use distinguished name (DN) syntax, such
as 'uniqueMember'. With this patch, the 'deref' plug-in
can dereference such attributes, as well as attributes
that use 'Name and Optional UID' syntax. As a result, the
'deref' plug-in now supports any syntax.

See also :

http://www.nessus.org/u?21265d39

Solution :

Update the affected packages.

Risk factor :

High

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 99300

Bugtraq ID:

CVE ID: CVE-2017-2668
