Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS Advisory ([SECURITY] [DLA 1483-1] 389-ds-base security update)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
CVE-2018-10871 By default nsslapd-unhashed-pw-switch was set to 'on'. So a copy of the unhashed password was kept in modifiers and was possibly logged in changelog and retroCL. Unless it is used by some plugin it does not require to keep unhashed passwords. The nsslapd-unhashed-pw-switch option is now 'off' by default. CVE-2018-10935 It was discovered that any authenticated user doing a search using ldapsearch with extended controls for server side sorting could bring down the LDAP server itself. The fix is to check if we are able to index the provided value. If we are not, then slapd_qsort returns an error (LDAP_OPERATION_ERROR) .
Affected Software
Affected Software
389-ds-base on Debian Linux
Detection Method
Detection Method
This check tests the installed software version using the apt package manager.
Solution
Solution
For Debian 8 'Jessie', these problems have been fixed in version 1.3.3.5-4+deb8u2. We recommend that you upgrade your 389-ds-base packages.