AmazonALAS-2016-664Important: 389-ds-base
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.023 Low
EPSS
Percentile
89.8%
Issue Overview:
An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop accepting connections (denial of service).
Affected Packages:
389-ds-base
Issue Correction:
Run yum update 389-ds-base to update your system.
New Packages:
i686:
389-ds-base-devel-1.3.4.0-26.47.amzn1.i686
389-ds-base-1.3.4.0-26.47.amzn1.i686
389-ds-base-libs-1.3.4.0-26.47.amzn1.i686
389-ds-base-debuginfo-1.3.4.0-26.47.amzn1.i686
src:
389-ds-base-1.3.4.0-26.47.amzn1.src
x86_64:
389-ds-base-1.3.4.0-26.47.amzn1.x86_64
389-ds-base-devel-1.3.4.0-26.47.amzn1.x86_64
389-ds-base-debuginfo-1.3.4.0-26.47.amzn1.x86_64
389-ds-base-libs-1.3.4.0-26.47.amzn1.x86_64
Additional References
Red Hat: CVE-2016-0741
Mitre: CVE-2016-0741
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | 389-ds-base-devel | < 1.3.4.0-26.47.amzn1 | 389-ds-base-devel-1.3.4.0-26.47.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | 389-ds-base | < 1.3.4.0-26.47.amzn1 | 389-ds-base-1.3.4.0-26.47.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | 389-ds-base-libs | < 1.3.4.0-26.47.amzn1 | 389-ds-base-libs-1.3.4.0-26.47.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | 389-ds-base-debuginfo | < 1.3.4.0-26.47.amzn1 | 389-ds-base-debuginfo-1.3.4.0-26.47.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | 389-ds-base | < 1.3.4.0-26.47.amzn1 | 389-ds-base-1.3.4.0-26.47.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | 389-ds-base-devel | < 1.3.4.0-26.47.amzn1 | 389-ds-base-devel-1.3.4.0-26.47.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | 389-ds-base-debuginfo | < 1.3.4.0-26.47.amzn1 | 389-ds-base-debuginfo-1.3.4.0-26.47.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | 389-ds-base-libs | < 1.3.4.0-26.47.amzn1 | 389-ds-base-libs-1.3.4.0-26.47.amzn1.x86_64.rpm |
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.023 Low
EPSS
Percentile
89.8%