{"id":"MGASA-2017-0340","summary":"Updated 389-ds-base packages fix security vulnerability","details":"The directory server password lockout policy prevents binds from\noperating once a threshold of failed passwords has been met. During this\nlockout, if you bind with a successful password, a different error code\nis returned. This means that an attacker has no ratelimit or penalty\nduring an account lock, and can continue to attempt passwords via\nbruteforce, using the change in return code to ascertain a sucessful\npassword auth (CVE-2017-7551).\n","modified":"2026-04-16T06:25:09.663026077Z","published":"2017-09-16T08:24:57Z","upstream":["CVE-2017-7551"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0340.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21671"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2017:2569"}],"affected":[{"package":{"name":"389-ds-base","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/389-ds-base?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.4.14-1.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0340.json"}},{"package":{"name":"389-ds-base","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/389-ds-base?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.5.17-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0340.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}