Moderate: 389-ds-base security, bug fix, and enhancement update

Synopsis

Moderate: 389-ds-base security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

The following packages have been upgraded to a newer upstream version: 389-ds-base (1.3.5.10). (BZ#1270020)

Security Fix(es):

  • It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to the leakage of sensitive information. (CVE-2016-5416)
  • An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in a certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user differed depending on whether the target object existed or not, revealing its existence. (CVE-2016-4992)
  • It was found that 389 Directory Server was vulnerable to a remote password disclosure via a timing attack. A remote attacker could possibly use this flaw to retrieve a directory server password after many attempts. (CVE-2016-5405)

The CVE-2016-5416 issue was discovered by Viktor Ashirov (Red Hat); the CVE-2016-4992 issue was discovered by Petr Spacek (Red Hat) and Martin Basti (Red Hat); and the CVE-2016-5405 issue was discovered by William Brown (Red Hat).
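
The two response-oracle patterns behind CVE-2016-4992 and CVE-2016-5405, shown in a leaky form beside the hardened form a defender would want, as an added illustration written for this advisory; it is not 389 Directory Server code. The toy directory, the ADD_RIGHTS table, and the SSHA-style salted SHA-1 scheme are all constructed for the demo and do not model the server's real ACI engine or password storage schemes.

```python
"""Added illustration (not 389 Directory Server code) of the two flaw patterns
in this advisory: an existence oracle via error messages (CVE-2016-4992) and an
early-exit digest comparison (CVE-2016-5405), each beside a hardened form.

Assumptions: an in-memory directory keyed by DN, a constructed ADD_RIGHTS table
standing in for ACIs, and an SSHA-style hash (SHA-1(password || salt) || salt)
standing in for the server's real storage schemes.
"""
import hashlib
import hmac
import os
from typing import Optional

# --- constructed sample data -------------------------------------------------
DIRECTORY = {"uid=alice,ou=people,dc=example,dc=com": {"uid": "alice"}}
# Which bind DNs may add entries under which subtree (constructed, not ACI syntax).
ADD_RIGHTS = {"ou=people,dc=example,dc=com": {"cn=admin,dc=example,dc=com"}}


def _subtree_of(dn: str) -> str:
    # Parent of the leaf RDN: uid=x,ou=people,dc=... -> ou=people,dc=...
    return dn.split(",", 1)[1]


# --- CVE-2016-4992 pattern: existence oracle via differing errors ------------
def add_entry_leaky(requester: str, dn: str) -> str:
    """Existence is checked before authorisation, so a requester with no
    rights on the subtree learns whether the DN exists from the error code."""
    if dn in DIRECTORY:
        return "entryAlreadyExists"
    if requester not in ADD_RIGHTS.get(_subtree_of(dn), set()):
        return "insufficientAccessRights"
    DIRECTORY[dn] = {}
    return "success"


def add_entry_hardened(requester: str, dn: str) -> str:
    """Authorisation is decided first; a requester without rights gets one
    uniform error whether or not the target exists."""
    if requester not in ADD_RIGHTS.get(_subtree_of(dn), set()):
        return "insufficientAccessRights"
    if dn in DIRECTORY:
        return "entryAlreadyExists"
    DIRECTORY[dn] = {}
    return "success"


# --- CVE-2016-5405 pattern: early-exit comparison of password digests --------
def ssha_hash(password: str, salt: Optional[bytes] = None) -> bytes:
    """SSHA-style stored value: SHA-1(password || salt) || salt (demo scheme)."""
    salt = os.urandom(8) if salt is None else salt
    return hashlib.sha1(password.encode() + salt).digest() + salt


def _bytes_equal_leaky(a: bytes, b: bytes) -> bool:
    """Returns at the first differing byte, so running time depends on how
    many leading bytes of the candidate digest match the stored one."""
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:
            return False
    return True


def verify_password_leaky(stored: bytes, candidate: str) -> bool:
    digest, salt = stored[:20], stored[20:]
    return _bytes_equal_leaky(ssha_hash(candidate, salt)[:20], digest)


def verify_password_hardened(stored: bytes, candidate: str) -> bool:
    """hmac.compare_digest takes time independent of where the inputs differ."""
    digest, salt = stored[:20], stored[20:]
    return hmac.compare_digest(ssha_hash(candidate, salt)[:20], digest)


if __name__ == "__main__":
    nobody = "cn=nobody,dc=example,dc=com"
    existing = "uid=alice,ou=people,dc=example,dc=com"
    absent = "uid=bob,ou=people,dc=example,dc=com"
    print("leaky:   ", add_entry_leaky(nobody, existing), add_entry_leaky(nobody, absent))
    print("hardened:", add_entry_hardened(nobody, existing), add_entry_hardened(nobody, absent))
    stored = ssha_hash("s3cret")
    print("bind ok: ", verify_password_hardened(stored, "s3cret"))
```

The leaky ADD handler answers an unauthorised requester with two different codes, which is exactly the distinguishing signal the advisory describes; the hardened one authorises first so that both cases collapse into a single error. For the bind path, the fix is not a faster or slower loop but a comparison whose duration does not depend on the position of the first mismatch.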

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the 389 server service will be restarted automatically.
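
A post-update check, added here and not part of the advisory: parse the output of `rpm -q 389-ds-base` and compare the upstream version component against the 1.3.5.10 rebase named in the Description. The errata's own RPM release number is not given on this page, so only the upstream version is compared (an assumption to keep in mind for hosts on an older but back-patched release); the sample package names are constructed, one of them from the 1.3.4.0-29.el7_2 string in the Fixes list.

```python
"""Added check (not from the advisory): is the installed 389-ds-base at or
above the upstream version this update rebases to (1.3.5.10)?

Assumption: comparing the upstream version part is sufficient; the advisory's
RPM release number is not on the page, so it is not checked here.
"""
import re
import subprocess

FIXED_VERSION = "1.3.5.10"  # from the advisory's Description section

# rpm -q prints name-version-release.arch, e.g. 389-ds-base-1.3.5.10-11.el7.x86_64
_NVRA = re.compile(r"^389-ds-base-(?P<version>\d+(?:\.\d+)*)-(?P<release>[^-]+)$")


def parse_rpm_nvra(line):
    """Split an `rpm -q 389-ds-base` line into (version, release.arch)."""
    m = _NVRA.match(line.strip())
    if not m:
        raise ValueError(f"unexpected rpm output: {line!r}")
    return m.group("version"), m.group("release")


def version_tuple(version):
    """'1.3.5.10' -> (1, 3, 5, 10), so that 1.3.5.10 > 1.3.5.9 numerically."""
    return tuple(int(p) for p in version.split("."))


def is_at_least_fixed(version):
    return version_tuple(version) >= version_tuple(FIXED_VERSION)


def report(line):
    """Human-readable verdict for one rpm -q line."""
    version, release = parse_rpm_nvra(line)
    state = "updated" if is_at_least_fixed(version) else "NOT updated"
    return f"389-ds-base {version}-{release}: {state} (fixed upstream: {FIXED_VERSION})"


def installed_report():
    """Run rpm on this host; only meaningful on an RHEL/CentOS system."""
    out = subprocess.run(["rpm", "-q", "389-ds-base"],
                         capture_output=True, text=True, check=True).stdout
    return report(out.splitlines()[0])


if __name__ == "__main__":
    # Constructed sample lines; the second uses the 1.3.4.0-29.el7_2 version from the Fixes list.
    for sample in ("389-ds-base-1.3.5.10-11.el7.x86_64",
                   "389-ds-base-1.3.4.0-29.el7_2.x86_64"):
        print(report(sample))
```

On a live host, `installed_report()` replaces the constructed samples with the real package query; the advisory also states that the 389 server service is restarted automatically, so a version check alone does not confirm the running process was restarted on a host where the restart was deferred.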

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.3 x86_64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.3 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.3 x86_64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.3 x86_64

Fixes

  • BZ - 190862 - [RFE] Default password syntax settings don't work with fine-grained policies
  • BZ - 1018944 - [RFE] Enhance password change tracking
  • BZ - 1143066 - [RFE] The dirsrv user/group should be created in rpm %pre, and ideally with fixed uid/gid
  • BZ - 1160902 - search, matching rules and filter error "unsupported type 0xA9"
  • BZ - 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*)
  • BZ - 1209128 - [RFE] Add a utility to get the status of Directory Server instances
  • BZ - 1210842 - Add PIDFile option to systemd service file
  • BZ - 1223510 - nsslapd-maxbersize should be ignored in replication
  • BZ - 1229799 - 389-ds-base: ldclt-bin killed by SIGSEGV
  • BZ - 1249908 - No validation check for the value for nsslapd-db-locks.
  • BZ - 1254887 - No man page entry for - option '-u' of dbgen.pl for adding group entries with uniquemembers
  • BZ - 1255557 - db2index creates index entry from deleted records
  • BZ - 1257568 - /usr/lib64/dirsrv/libnunc-stans.so is owned by both -libs and -devel
  • BZ - 1258610 - total update request must not be lost
  • BZ - 1258611 - dna plugin needs to handle binddn groups for authorization
  • BZ - 1259950 - Add config setting to MemberOf Plugin to add required objectclass got memberOf attribute
  • BZ - 1266510 - Linked Attributes plug-in - wrong behaviour when adding valid and broken links
  • BZ - 1266532 - Linked Attributes plug-in - won't update links after MODRDN operation
  • BZ - 1267750 - pagedresults - when timed out, search results could have been already freed.
  • BZ - 1269378 - ds-logpipe.py with wrong arguments - python exception in the output
  • BZ - 1270020 - Rebase 389-ds-base to 1.3.5 in RHEL-7.3
  • BZ - 1271330 - nunc-stans: Attempt to release connection that is not acquired
  • BZ - 1273142 - crash in Managed Entry plugin
  • BZ - 1273549 - [RFE] Improve timestamp resolution in logs
  • BZ - 1273550 - Deadlock between two MODs on the same entry between entry cache and backend lock
  • BZ - 1273555 - deadlock in mep delete post op
  • BZ - 1275763 - [RFE] add setup-ds.pl option to disable instance specific scripts
  • BZ - 1278567 - SimplePagedResults -- abandon could happen between the abandon check and sending results
  • BZ - 1278584 - Share nsslapd-threadnumber in the case nunc-stans is enabled, as well.
  • BZ - 1278755 - deadlock on connection mutex
  • BZ - 1278987 - Cannot upgrade a consumer to supplier in a multimaster environment
  • BZ - 1280123 - acl - regression - trailing ', (comma)' in macro matched value is not removed.
  • BZ - 1280456 - setup-ds should detect if port is already defined
  • BZ - 1288229 - many attrlist_replace errors in connection with cleanallruv
  • BZ - 1290101 - proxyauth support does not work when bound as directory manager
  • BZ - 1290111 - [RFE] Support for rfc3673 '+' to return operational attributes
  • BZ - 1290141 - With exhausted range, part of DNA shared configuration is deleted after server restart
  • BZ - 1290242 - SimplePagedResults -- in the search error case, simple paged results slot was not released.
  • BZ - 1290600 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same ldapmodify operation
  • BZ - 1296310 - ldclt - segmentation fault error while binding
  • BZ - 1301097 - logconv.pl displays negative operation speeds
  • BZ - 1302823 - Crash in slapi_get_object_extension
  • BZ - 1303641 - heap corruption at schema replication.
  • BZ - 1303794 - Import readNSState.py from RichM's repo
  • BZ - 1304682 - "stale" automember rule (associated to a removed group) causes discrepancies in the database
  • BZ - 1307151 - keep alive entries can break replication
  • BZ - 1310848 - Supplier can skip a failing update, although it should retry.
  • BZ - 1312557 - dirsrv service fails to start when nsslapd-listenhost is configured
  • BZ - 1314557 - change severity of some messages related to "keep alive" entries
  • BZ - 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)"
  • BZ - 1315893 - License tag does not match actual license of code
  • BZ - 1316328 - search returns no entry when OR filter component contains non readable attribute
  • BZ - 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing
  • BZ - 1316731 - syncrepl search returning error 329; plugin sending a bad error code
  • BZ - 1316741 - ldctl should support -H with ldap uris
  • BZ - 1316742 - no plugin calls in tombstone purging
  • BZ - 1319329 - add nsslapd-auditlog-logging-enabled: off to template-dse.ldif
  • BZ - 1320295 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged.
  • BZ - 1320715 - DES to AES password conversion fails if a backend is empty
  • BZ - 1321124 - Replication changelog can incorrectly skip over updates
  • BZ - 1326077 - Page result search should return empty cookie if there is no returned entry
  • BZ - 1326520 - db2index uses a buffer size derived from dbcachesize
  • BZ - 1328936 - objectclass values could be dropped on the consumer
  • BZ - 1329061 - 389-ds-base-1.3.4.0-29.el7_2 "hang"
  • BZ - 1331343 - Paged results search returns the blank list of entries
  • BZ - 1332533 - ns-accountstatus.pl gives error message on execution along with results.
  • BZ - 1332709 - password history is not updated when an admin resets the password
  • BZ - 1333184 - (389-ds-base-1.3.5) Fixing coverity issues.
  • BZ - 1333515 - Enable DS to offer weaker DH params in NSS
  • BZ - 1334455 - db2ldif is not taking into account multiple suffixes or backends
  • BZ - 1335492 - Modifier's name is not recorded in the audit log with modrdn and moddn operations
  • BZ - 1335618 - Server ram sanity checks work in isolation
  • BZ - 1338872 - Wrong result code display in audit-failure log
  • BZ - 1340307 - Running db2index with no options breaks replication
  • BZ - 1342609 - At startup DES to AES password conversion causes timeout in start script
  • BZ - 1344414 - [RFE] adding pre/post extop ability
  • BZ - 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation
  • BZ - 1349540 - CVE-2016-5416 389-ds-base: ACI readable by anonymous user
  • BZ - 1349571 - Improve MMR replication convergence
  • BZ - 1349577 - Values of dbcachetries/dbcachehits in cn=monitor could overflow.
  • BZ - 1350632 - ns-slapd shutdown crashes if pwdstorageschema name is from stack.
  • BZ - 1353592 - Setup-ds.pl --update fails
  • BZ - 1353629 - DS shuts down automatically if dnaThreshold is set to 0 in a MMR setup
  • BZ - 1353714 - If a cipher is disabled, do not attempt to look it up
  • BZ - 1354374 - Upgrade to 389-ds-base >= 1.3.5.5 doesn't install 389-ds-base-snmp
  • BZ - 1354660 - flow control in replication also blocks receiving results
  • BZ - 1355879 - nunc-stans: ns-slapd crashes during startup with SIGILL on AMD Opteron 280
  • BZ - 1356261 - Fixup tombstone task needs to set proper flag when updating tombstones
  • BZ - 1358865 - CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack
  • BZ - 1360327 - remove-ds.pl deletes an instance even if wrong prefix was specified
  • BZ - 1360447 - nsslapd-workingdir is empty when ns-slapd is started by systemd
  • BZ - 1361134 - When fine-grained policy is applied, a sub-tree has a priority over a user while changing password
  • BZ - 1361321 - Duplicate collation entries
  • BZ - 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc
  • BZ - 1368520 - Crash in import_wait_for_space_in_fifo().
  • BZ - 1368956 - man page of ns-accountstatus.pl shows redundant entries for -p port option
  • BZ - 1369537 - passwordMinAge attribute doesn't limit the minimum age of the password
  • BZ - 1369570 - cleanallruv changelog cleaning incorrectly impacts all backends
  • BZ - 1370300 - set proper update status to replication agreement in case of failure
  • BZ - 1371283 - Server Side Sorting crashes the server.
  • BZ - 1371284 - Disabling CLEAR password storage scheme will crash server when setting a password

CVEs

  • CVE-2016-5416
  • CVE-2016-4992
  • CVE-2016-5405

References