Amazon Linux: Security Advisory (ALAS-2013-184)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update announced via the referenced Security Advisory.
Insight
Insight
It was found that the 389 Directory Server did not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration setting was set to rootdse. An anonymous user could connect to the LDAP database and, if the search scope is set to BASE, obtain access to information outside of the rootDSE. (CVE-2013-1897 )
Solution
Solution
Run yum update 389-ds-base to update your system.
Common Vulnerabilities and Exposures (CVE)
Scan your vulnerabilities for free. Start using Mageni today.
Mageni can help you to find, assess and manage your vulnerabilities.
Get Started for Free