CVE-2016-5405

Published: 08 June 2017

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.

Priority

Low

CVSS 3 base score: 9.8

Status

Package: 389-ds-base (Launchpad, Ubuntu, Debian)

Release | Status
Upstream | Needs triage
Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (1.3.5.15-1)
Ubuntu 16.04 LTS (Xenial Xerus) | Not vulnerable (code not present)
Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was not-affected [code not present])

Patches:
Other: https://pagure.io/389-ds-base/c/762219a35005914c6c088d915ac9346ce7e28512

Notes

Author | Note
sbeattie | affects systems where passwords are stored in plain text or unsalted hashes using weak algorithms
leosilva | code in trusty is quite different from patch.
