Main Vulnerability Database SB2017100211

SB2017100211 - Amazon Linux AMI update for 389-ds-base

Published: October 2, 2017

Security Bulletin ID SB2017100211

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Brute-force attack (CVE-ID: CVE-2017-7551)

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows remote users to perform brute-force attack on the target system.

The vulnerability exists due to different return codes returned on password attempts. A remote attacker can perform password brute-force attacks during account lockout and obtain valid user's credentials.

Successful exploitation of this vulnerability may result in unauthorized access to the system.

Remediation

Install update from vendor's website.

References

https://alas.aws.amazon.com/ALAS-2017-905.html