ID CVE-2016-0741
Summary slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:389_directory_server:1.3.4.5:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 12-10-2016 - 02:01)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 1299416
title CVE-2016-0741 389-ds-base: worker threads do not detect abnormally closed connections causing DoS
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment 389-ds-base is earlier than 0:1.3.4.0-26.el7_2
          oval oval:com.redhat.rhsa:tst:20160204001
        • comment 389-ds-base is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151554002
      • AND
        • comment 389-ds-base-devel is earlier than 0:1.3.4.0-26.el7_2
          oval oval:com.redhat.rhsa:tst:20160204003
        • comment 389-ds-base-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151554004
      • AND
        • comment 389-ds-base-libs is earlier than 0:1.3.4.0-26.el7_2
          oval oval:com.redhat.rhsa:tst:20160204005
        • comment 389-ds-base-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20151554006
rhsa
id RHSA-2016:0204
released 2016-02-16
severity Important
title RHSA-2016:0204: 389-ds-base security and bug fix update (Important)
rpms
  • 389-ds-base-0:1.3.4.0-26.el7_2
  • 389-ds-base-debuginfo-0:1.3.4.0-26.el7_2
  • 389-ds-base-devel-0:1.3.4.0-26.el7_2
  • 389-ds-base-libs-0:1.3.4.0-26.el7_2
refmap via4
bid 82343
confirm
Last major update 12-10-2016 - 02:01
Published 19-04-2016 - 21:59
Last modified 12-10-2016 - 02:01