ID CVE-2016-0741
Summary slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.5:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 12-10-2016 - 02:01)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 1299416
title CVE-2016-0741 389-ds-base: worker threads do not detect abnormally closed connections causing DoS
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment 389-ds-base is earlier than 0:1.3.4.0-26.el7_2
        oval oval:com.redhat.rhsa:tst:20160204007
      • comment 389-ds-base is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20151554010
    • AND
      • comment 389-ds-base-devel is earlier than 0:1.3.4.0-26.el7_2
        oval oval:com.redhat.rhsa:tst:20160204005
      • comment 389-ds-base-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20151554006
    • AND
      • comment 389-ds-base-libs is earlier than 0:1.3.4.0-26.el7_2
        oval oval:com.redhat.rhsa:tst:20160204009
      • comment 389-ds-base-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20151554008
rhsa
id RHSA-2016:0204
released 2016-02-16
severity Important
title RHSA-2016:0204: 389-ds-base security and bug fix update (Important)
rpms
  • 389-ds-base-0:1.3.4.0-26.el7_2
  • 389-ds-base-devel-0:1.3.4.0-26.el7_2
  • 389-ds-base-libs-0:1.3.4.0-26.el7_2
refmap via4
bid 82343
confirm
Last major update 12-10-2016 - 02:01
Published 19-04-2016 - 21:59