
Mageia: Security Advisory (MGASA-2016-0350)

Published: 28 Jan 2022 00:00:00. Reported by: Copyright (C) 2022 Greenbone AG. Type: openvas. Source: plugins.openvas.org

Mageia: Security Advisory (MGASA-2016-0350) for the 389-ds-base package(s)

RedhatCVE
CVE-2016-4992
15 Dec 201620:20
redhatcve
Prion
Design/Logic Flaw
8 Jun 201719:29
prion
Cvelist
CVE-2016-4992
8 Jun 201719:00
cvelist
Debian CVE
CVE-2016-4992
8 Jun 201719:29
debiancve
NVD
CVE-2016-4992
8 Jun 201719:29
nvd
Veracode
Information Leakage
15 Jan 201909:14
veracode
Tenable Nessus
Fedora 23 : 389-ds-base (2016-b1a36cccc8)
8 Sep 201600:00
nessus
Tenable Nessus
Oracle Linux 6 : 389-ds-base (ELSA-2016-2765)
16 Nov 201600:00
nessus
Tenable Nessus
RHEL 7 : 389-ds-base (RHSA-2016:2594)
4 Nov 201600:00
nessus
Tenable Nessus
RHEL 6 : 389-ds-base (RHSA-2016:2765)
16 Nov 201600:00
nessus
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Registration section: when `description` is set, only the metadata calls
# below run and the script exits (exit(0) at the end of this block) before any
# package check is performed.
if(description)
{
  # Identity of the check and the CVE it maps to.
  script_oid("1.3.6.1.4.1.25623.1.1.10.2016.0350");
  script_cve_id("CVE-2016-4992");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:09+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
  # Two severity ratings are registered: a CVSS v2 base score with its vector
  # (C:P) and a CVSS v3.0 vector (C:H). Both rate confidentiality impact only
  # (I:N/A:N), and severity_origin attributes them to NVD.
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-06-16 14:23:14 +0000 (Fri, 16 Jun 2017)");

  script_name("Mageia: Security Advisory (MGASA-2016-0350)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  # Preconditions: the package list gathered by gather-package-list.nasl and
  # SSH login keys whose release value matches MAGEIA5. Presumably this means
  # the check only runs in an authenticated scan; without working SSH
  # credentials it produces no result either way.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA5");

  script_xref(name:"Advisory-ID", value:"MGASA-2016-0350");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2016-0350.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=19304");
  # NOTE(review): the "[email protected]" path segment below looks like e-mail
  # obfuscation applied by the page hosting this listing, not the original
  # list address; restore the value from the upstream feed before relying on
  # this link.
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/thread/D2LEPJLCLU4I6ROZM3NHIDSPKCZUF3DR/");

  script_tag(name:"summary", value:"The remote host is missing an update for the '389-ds-base' package(s) announced via the MGASA-2016-0350 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  # Advisory text: an information disclosure in which the error returned for
  # an LDAP ADD reveals whether an entry exists in a sub-tree the bound DN has
  # no privileges over, bypassing the read/compare limits set by ACIs.
  script_tag(name:"insight", value:"A vulnerability in 389-ds-base was found that allows to bypass limitations
for compare and read operations specified by Access Control Instructions.
When having LDAP sub-tree with some existing objects and having BIND DN
which have no privileges over objects inside the sub-tree, unprivileged
user can send LDAP ADD operation specifying an object in (supposedly)
inaccessible sub-tree. The returned error messages discloses the
information when the queried object exists having the specified value.
Attacker can use this flaw to guess values of RDN component by repeating
the above process (CVE-2016-4992).");

  script_tag(name:"affected", value:"'389-ds-base' package(s) on Mageia 5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  # Detection quality is declared as "package": the result rests on the
  # installed package version alone; the directory server's ACI behaviour is
  # not exercised by this script.
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

# Installed-package check. Ask the RPM helper library which release it
# identified; without one there is nothing to compare against.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

# This advisory covers Mageia 5 only; any other release is out of scope.
if(release != "MAGEIA5")
  exit(0);

# Every binary package of this advisory is compared against the same version
# string (1.3.4.14-1.mga5), so the per-package checks collapse into one loop.
# A non-null result from isrpmvuln() is appended to the report; presumably it
# is returned when the installed package is older than the version given.
foreach pkg_name (make_list("389-ds-base",
                            "lib389-ds-base-devel",
                            "lib389-ds-base0",
                            "lib64389-ds-base-devel",
                            "lib64389-ds-base0")) {
  res = isrpmvuln(pkg:pkg_name, rpm:pkg_name + "~1.3.4.14~1.mga5", rls:"MAGEIA5");
  if(!isnull(res))
    report += res;
}

# At least one outdated package: report the finding.
if(report != "") {
  security_message(data:report);
  exit(0);
}

# No finding, but the library flagged that one of the packages is installed
# (__pkg_match is set outside this file). exit(99) presumably tells the scanner
# the host was checked and is not affected, as opposed to "nothing to check";
# confirm against the scanner documentation.
if(__pkg_match)
  exit(99);

exit(0);

28 Jan 2022 00:00Current
7.7High risk
Vulners AI Score7.7
CVSS25
CVSS37.5
EPSS0.003