Name | CVE-2015-3230 |
Description | 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Debian Bugs | 789202 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
389-ds-base (PTS) | jessie, jessie (lts) | 1.3.3.5-4+deb8u7 | fixed |
| stretch | 1.3.5.17-2 | fixed |
| buster (security), buster, buster (lts) | 1.4.0.21-1+deb10u1 | fixed |
| bullseye | 1.4.4.11-2 | fixed |
| bookworm | 2.3.1+dfsg1-1 | fixed |
| sid | 3.1.1+dfsg1-2 | fixed |
The information below is based on the following data on fixed versions.
Notes
[jessie] - 389-ds-base <not-affected> (Vulnerable code not present, fix for 47838 not applied in Jessie)
https://fedorahosted.org/389/ticket/48194
Regression if https://fedorahosted.org/389/ticket/47838 applied