CVE-2015-3230

Name: CVE-2015-3230
Description: 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: high (attack range: remote)
Debian Bugs: 789202

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package     Release            Version            Status
389-ds-base (PTS)  jessie             1.3.3.5-4          fixed
                   jessie (security)  1.3.3.5-4+deb8u3   fixed
                   stretch            1.3.5.17-2         fixed
                   sid                1.4.0.18-1         fixed

The information below is based on the following data on fixed versions.

Package      Type    Release     Fixed Version   Urgency  Origin  Debian Bugs
389-ds-base  source  (unstable)  1.3.3.12-1      high             789202
389-ds-base  source  jessie      (not affected)

Notes

[jessie] - 389-ds-base <not-affected> (Vulnerable code not present, fix for 47838 not applied in Jessie)
https://fedorahosted.org/389/ticket/48194
Regression if https://fedorahosted.org/389/ticket/47838 applied
