Low: 389-ds-base

2013-04-1815:39:00

alas.aws.amazon.com

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.6%

JSON

Issue Overview:

It was found that the 389 Directory Server did not properly restrict access to entries when the “nsslapd-allow-anonymous-access” configuration setting was set to “rootdse”. An anonymous user could connect to the LDAP database and, if the search scope is set to BASE, obtain access to information outside of the rootDSE. (CVE-2013-1897)

Affected Packages:

389-ds-base

Issue Correction:
Run yum update 389-ds-base to update your system.

New Packages:

i686:  
    389-ds-base-1.3.0.6-1.3.amzn1.i686  
    389-ds-base-devel-1.3.0.6-1.3.amzn1.i686  
    389-ds-base-debuginfo-1.3.0.6-1.3.amzn1.i686  
    389-ds-base-libs-1.3.0.6-1.3.amzn1.i686  
  
src:  
    389-ds-base-1.3.0.6-1.3.amzn1.src  
  
x86_64:  
    389-ds-base-1.3.0.6-1.3.amzn1.x86_64  
    389-ds-base-libs-1.3.0.6-1.3.amzn1.x86_64  
    389-ds-base-debuginfo-1.3.0.6-1.3.amzn1.x86_64  
    389-ds-base-devel-1.3.0.6-1.3.amzn1.x86_64

Additional References

Red Hat: CVE-2013-1897

Mitre: CVE-2013-1897

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686389-ds-base< 1.3.0.6-1.3.amzn1389-ds-base-1.3.0.6-1.3.amzn1.i686.rpm
Amazon Linux1i686389-ds-base-devel< 1.3.0.6-1.3.amzn1389-ds-base-devel-1.3.0.6-1.3.amzn1.i686.rpm
Amazon Linux1i686389-ds-base-debuginfo< 1.3.0.6-1.3.amzn1389-ds-base-debuginfo-1.3.0.6-1.3.amzn1.i686.rpm
Amazon Linux1i686389-ds-base-libs< 1.3.0.6-1.3.amzn1389-ds-base-libs-1.3.0.6-1.3.amzn1.i686.rpm
Amazon Linux1x86_64389-ds-base< 1.3.0.6-1.3.amzn1389-ds-base-1.3.0.6-1.3.amzn1.x86_64.rpm
Amazon Linux1x86_64389-ds-base-libs< 1.3.0.6-1.3.amzn1389-ds-base-libs-1.3.0.6-1.3.amzn1.x86_64.rpm
Amazon Linux1x86_64389-ds-base-debuginfo< 1.3.0.6-1.3.amzn1389-ds-base-debuginfo-1.3.0.6-1.3.amzn1.x86_64.rpm
Amazon Linux1x86_64389-ds-base-devel< 1.3.0.6-1.3.amzn1389-ds-base-devel-1.3.0.6-1.3.amzn1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	389-ds-base	< 1.3.0.6-1.3.amzn1	389-ds-base-1.3.0.6-1.3.amzn1.i686.rpm
Amazon Linux	1	i686	389-ds-base-devel	< 1.3.0.6-1.3.amzn1	389-ds-base-devel-1.3.0.6-1.3.amzn1.i686.rpm
Amazon Linux	1	i686	389-ds-base-debuginfo	< 1.3.0.6-1.3.amzn1	389-ds-base-debuginfo-1.3.0.6-1.3.amzn1.i686.rpm
Amazon Linux	1	i686	389-ds-base-libs	< 1.3.0.6-1.3.amzn1	389-ds-base-libs-1.3.0.6-1.3.amzn1.i686.rpm
Amazon Linux	1	x86_64	389-ds-base	< 1.3.0.6-1.3.amzn1	389-ds-base-1.3.0.6-1.3.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	389-ds-base-libs	< 1.3.0.6-1.3.amzn1	389-ds-base-libs-1.3.0.6-1.3.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	389-ds-base-debuginfo	< 1.3.0.6-1.3.amzn1	389-ds-base-debuginfo-1.3.0.6-1.3.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	389-ds-base-devel	< 1.3.0.6-1.3.amzn1	389-ds-base-devel-1.3.0.6-1.3.amzn1.x86_64.rpm