5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
79.4%
Issue Overview:
CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack
It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many tries.
CVE-2016-5416 389-ds-base: ACI readable by anonymous user
It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information.
CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation
An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not.
Affected Packages:
389-ds-base
Issue Correction:
Run yum update 389-ds-base to update your system.
New Packages:
i686:
389-ds-base-debuginfo-1.3.5.10-11.49.amzn1.i686
389-ds-base-devel-1.3.5.10-11.49.amzn1.i686
389-ds-base-snmp-1.3.5.10-11.49.amzn1.i686
389-ds-base-1.3.5.10-11.49.amzn1.i686
389-ds-base-libs-1.3.5.10-11.49.amzn1.i686
src:
389-ds-base-1.3.5.10-11.49.amzn1.src
x86_64:
389-ds-base-1.3.5.10-11.49.amzn1.x86_64
389-ds-base-snmp-1.3.5.10-11.49.amzn1.x86_64
389-ds-base-libs-1.3.5.10-11.49.amzn1.x86_64
389-ds-base-debuginfo-1.3.5.10-11.49.amzn1.x86_64
389-ds-base-devel-1.3.5.10-11.49.amzn1.x86_64
Red Hat: CVE-2016-4992, CVE-2016-5405, CVE-2016-5416
Mitre: CVE-2016-4992, CVE-2016-5405, CVE-2016-5416
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
79.4%