Scientific Linux Security Update : 389-ds-base on SL7.x x86_64

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- An invalid pointer dereference flaw was found in the way
389-ds-base handled LDAP bind requests. A remote
unauthenticated attacker could use this flaw to make
ns-slapd crash via a specially crafted LDAP bind
request, resulting in denial of service. (CVE-2017-2668)

Bug Fix(es) :

- Previously, when adding a filtered role definition that
uses the 'nsrole' virtual attribute in the filter,
Directory Server terminated unexpectedly. A patch has
been applied, and now the roles plug-in ignores all
virtual attributes. As a result, an error message is
logged when an invalid filter is used. Additionally, the
role is deactivated and Directory Server no longer
fails.

- In a replication topology, Directory Server incorrectly
calculated the size of string format entries when a lot
of entries were deleted. The calculated size of entries
was smaller than the actual required size. Consequently,
Directory Server allocated insufficient memory and
terminated unexpectedly when the data was written to it.
With this update, the size of string format entries is
now calculated correctly in the described situation and
Directory Server no longer terminates unexpectedly.

See also :

http://www.nessus.org/u?d7cea4a7

Solution :

Update the affected packages.

Risk factor :

High

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 99349

CVE ID: CVE-2017-2668
