This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Security Fix(es) :
- An invalid pointer dereference flaw was found in the way
389-ds-base handled LDAP bind requests. A remote
unauthenticated attacker could use this flaw to make
ns-slapd crash via a specially crafted LDAP bind
request, resulting in denial of service. (CVE-2017-2668)
Bug Fix(es) :
- Previously, the 'deref' plug-in failed to dereference
attributes that use distinguished name (DN) syntax, such
as 'uniqueMember'. With this patch, the 'deref' plug-in
can dereference such attributes and additionally 'Name
and Optional UID' syntax. As a result, the 'deref'
plug-in now supports any syntax.
See also :
Update the affected packages.
Risk factor :