Mageia: Security Advisory (MGASA-2016-0350) for 389-ds-base package
Reporter | Title | Published | Views | Family All 35 |
---|---|---|---|---|
RedhatCVE | CVE-2016-4992 | 15 Dec 2016 20:20 | – | redhatcve |
Prion | Design/Logic Flaw | 8 Jun 2017 19:29 | – | prion |
Cvelist | CVE-2016-4992 | 8 Jun 2017 19:00 | – | cvelist |
Debian CVE | CVE-2016-4992 | 8 Jun 2017 19:29 | – | debiancve |
NVD | CVE-2016-4992 | 8 Jun 2017 19:29 | – | nvd |
Veracode | Information Leakage | 15 Jan 2019 09:14 | – | veracode |
Tenable Nessus | Fedora 23 : 389-ds-base (2016-b1a36cccc8) | 8 Sep 2016 00:00 | – | nessus |
Tenable Nessus | Oracle Linux 6 : 389-ds-base (ELSA-2016-2765) | 16 Nov 2016 00:00 | – | nessus |
Tenable Nessus | RHEL 7 : 389-ds-base (RHSA-2016:2594) | 4 Nov 2016 00:00 | – | nessus |
Tenable Nessus | RHEL 6 : 389-ds-base (RHSA-2016:2765) | 16 Nov 2016 00:00 | – | nessus |
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Registration block: executed only when the scanner loads the script with
# `description` set. It declares the check's metadata and then exits, so the
# detection logic after this block does not run in that mode.
if(description)
{
# Unique identifier of this check and the CVE it covers.
script_oid("1.3.6.1.4.1.25623.1.1.10.2016.0350");
script_cve_id("CVE-2016-4992");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
# Two ratings are carried side by side: a CVSS v2 base score of 5.0 (partial
# confidentiality impact) and a CVSS v3.0 vector with high confidentiality
# impact, which scores 7.5. severity_origin attributes the rating to NVD.
# Both describe a network-reachable, confidentiality-only issue; which number
# a report shows depends on the scoring version the consumer selects.
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-06-16 14:23:14 +0000 (Fri, 16 Jun 2017)");
script_name("Mageia: Security Advisory (MGASA-2016-0350)");
# Information-gathering category: the logic below only evaluates package
# versions; nothing in this file talks to the directory service itself.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
# gather-package-list.nasl has to run first; presumably it is what stores the
# SSH login results and package list that the keys below refer to.
script_dependencies("gather-package-list.nasl");
# The check is skipped unless these knowledge-base keys exist and the release
# key matches MAGEIA5, i.e. it needs a successful authenticated (SSH) scan of
# a Mageia 5 host. An unauthenticated scan yields no result from this script,
# which must not be read as "not affected".
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA5");
script_xref(name:"Advisory-ID", value:"MGASA-2016-0350");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2016-0350.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=19304");
# NOTE(review): the "[email protected]" segment in the next URL looks like
# e-mail obfuscation applied by the page this listing was copied from; the
# link is not usable as shown. Take the reference from the original feed file.
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/thread/D2LEPJLCLU4I6ROZM3NHIDSPKCZUF3DR/");
script_tag(name:"summary", value:"The remote host is missing an update for the '389-ds-base' package(s) announced via the MGASA-2016-0350 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
# Advisory text, reproduced as published. In short: the server's error
# responses to ADD requests differ depending on whether an entry exists, so a
# bound user without rights on a subtree can learn about entries that the
# Access Control Instructions are meant to hide. The impact is disclosure of
# directory contents only; integrity and availability are not affected
# according to the vectors above.
script_tag(name:"insight", value:"A vulnerability in 389-ds-base was found that allows to bypass limitations
for compare and read operations specified by Access Control Instructions.
When having LDAP sub-tree with some existing objects and having BIND DN
which have no privileges over objects inside the sub-tree, unprivileged
user can send LDAP ADD operation specifying an object in (supposedly)
inaccessible sub-tree. The returned error messages discloses the
information when the queried object exists having the specified value.
Attacker can use this flaw to guess values of RDN component by repeating
the above process (CVE-2016-4992).");
script_tag(name:"affected", value:"'389-ds-base' package(s) on Mageia 5.");
script_tag(name:"solution", value:"Please install the updated package(s).");
# VendorFix: remediation is the distribution's updated package.
script_tag(name:"solution_type", value:"VendorFix");
# Quality-of-detection type "package": the finding is derived from installed
# package versions, not from probing the running service. It therefore says
# nothing about whether the directory server is running or reachable.
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Detection logic: compare the installed 389-ds-base packages on a Mageia 5
# host against the fixed build named in MGASA-2016-0350.
#
# rpm_get_ssh_release() and isrpmvuln() come from the included libraries and
# are not shown here. Judging by their use below, the former yields the
# release identifier collected during the authenticated scan, and the latter
# returns report text when the named package is installed in a build older
# than the given "name~version~release" string, and NULL otherwise.
#
# Caveat for triage: this is a package-version comparison only. A finding
# means the vulnerable build is installed, not that the LDAP service is
# running or exposed; a clean result only covers the five package names
# listed and only Mageia 5.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

# Only Mageia 5 is covered by this advisory; leave quietly on anything else.
if(release != "MAGEIA5")
  exit(0);

# One lookup per binary package built from the 389-ds-base source package,
# including the 32-bit (lib...) and 64-bit (lib64...) library variants.
res = isrpmvuln(pkg:"389-ds-base", rpm:"389-ds-base~1.3.4.14~1.mga5", rls:"MAGEIA5");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"lib389-ds-base-devel", rpm:"lib389-ds-base-devel~1.3.4.14~1.mga5", rls:"MAGEIA5");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"lib389-ds-base0", rpm:"lib389-ds-base0~1.3.4.14~1.mga5", rls:"MAGEIA5");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"lib64389-ds-base-devel", rpm:"lib64389-ds-base-devel~1.3.4.14~1.mga5", rls:"MAGEIA5");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"lib64389-ds-base0", rpm:"lib64389-ds-base0~1.3.4.14~1.mga5", rls:"MAGEIA5");
if(!isnull(res))
  report += res;

# At least one outdated package: raise the finding with the collected text.
if(report != "") {
  security_message(data:report);
  exit(0);
}

# Nothing outdated. __pkg_match is not defined in this file; presumably the
# RPM library sets it when one of the packages was found installed. In that
# case exit code 99 reports the host as checked and not affected, as opposed
# to the plain exit(0) used when the package is absent.
if(__pkg_match)
  exit(99);

exit(0);