Candidate: CVE-2017-15135
PublicDate: 2018-01-24 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15135
Description:
 It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did
 not always handle internal hash comparison operations correctly during the
 authentication process. A remote, unauthenticated attacker could
 potentially use this flaw to bypass the authentication process under very
 rare and specific circumstances.
Ubuntu-Description:
Notes:
 leosilva> code in trusty and xenial are quite different from patch.
 ccdm94> vulnerability introduced by patch for CVE-2016-5405.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]


Patches_389-ds-base:
 other: https://bugzilla.redhat.com/attachment.cgi?id=1388078
upstream_389-ds-base: released (1.3.7.9-1)
precise/esm_389-ds-base: DNE
trusty_389-ds-base: ignored (reached end-of-life)
trusty/esm_389-ds-base: DNE (trusty was not-affected [code not present])
xenial_389-ds-base: ignored (end of standard support, was not-affected [code not present])
artful_389-ds-base: ignored (reached end-of-life)
bionic_389-ds-base: not-affected (1.3.7.10-1ubuntu1)
cosmic_389-ds-base: not-affected (1.3.7.10-1ubuntu1)
disco_389-ds-base: not-affected (1.3.7.10-1ubuntu1)
eoan_389-ds-base: not-affected (1.3.7.10-1ubuntu1)
focal_389-ds-base: not-affected (1.3.7.10-1ubuntu1)
groovy_389-ds-base: not-affected (1.3.7.10-1ubuntu1)
hirsute_389-ds-base: not-affected (1.3.7.10-1ubuntu1)
impish_389-ds-base: not-affected (1.3.7.10-1ubuntu1)
jammy_389-ds-base: not-affected (1.3.7.10-1ubuntu1)
devel_389-ds-base: not-affected (1.3.7.10-1ubuntu1)