Oracle Linux 6 : 389-ds-base (ELSA-2013-0628)

Severity: High. Nessus Plugin ID 68788

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0628 advisory.

[1.2.11.15-12]
- Resolves: Bug 910994 - PamConfig schema not updated during upgrade
- Resolves: Bug 910995 - Valgrind reports memleak in modify_update_last_modified_attr
- Resolves: Bug 910996 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled)
- Resolves: Bug 911467 - DNA: use event queue for config update only at the start up
- Resolves: Bug 911468 - Error messages encountered when using POSIX winsync
- Resolves: Bug 911469 - dse.ldif is 0 length after server kill or machine kill
- Resolves: Bug 911474 - Invalid chaining config triggers a disk full error and shutdown
- Resolves: Bug 914305 - ns-slapd segfaults while trying to delete a tombstone entry
- Resolves: Bug 913228 - unauthenticated denial of service vulnerability in handling of LDAPv3 control data

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected 389-ds-base, 389-ds-base-devel and/or 389-ds-base-libs packages.

See Also

https://linux.oracle.com/errata/ELSA-2013-0628.html

Plugin Details

Severity: High

ID: 68788

File Name: oraclelinux_ELSA-2013-0628.nasl

Version: 1.9

Type: local

Agent: unix

Published: 7/12/2013

Updated: 10/22/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2013-0312

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:389-ds-base-devel, p-cpe:/a:oracle:linux:389-ds-base, cpe:/o:oracle:linux:6, p-cpe:/a:oracle:linux:389-ds-base-libs

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 3/11/2013

Vulnerability Publication Date: 3/13/2013

Reference Information

CVE: CVE-2013-0312

BID: 58428

RHSA: 2013:0628