CVE-2016-5405

Name: CVE-2016-5405
Description: 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)
Debian Bugs: 842121

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
| --- | --- | --- | --- |
| 389-ds-base (PTS) | jessie | 1.3.3.5-4 | vulnerable |
| | jessie (security) | 1.3.3.5-4+deb8u3 | vulnerable |
| | stretch | 1.3.5.17-2 | fixed |
| | sid | 1.4.0.18-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
| --- | --- | --- | --- | --- | --- | --- |
| 389-ds-base | source | (unstable) | 1.3.5.15-1 | medium | | 842121 |

Notes

[jessie] - 389-ds-base <no-dsa> (minor issue)
This affects systems storing passwords in plain text.
Systems using unsalted hashes might be unsafe as well if using weak
hash algorithms; however, the attack would be very time-consuming.
The patch for this CVE causes CVE-2017-15135.
