What is the severity of CVE-2016-4984?

CVE-2016-4984 is classified with a low severity rating, indicating that while it poses a risk, it requires specific circumstances to be exploited.

How do I fix CVE-2016-4984?

To remediate CVE-2016-4984, ensure that proper permissions are set on the TLS certificate file to prevent unauthorized access.

Which versions of OpenLDAP are affected by CVE-2016-4984?

CVE-2016-4984 affects the OpenLDAP servers package prior to the remediation updates that enforce stronger permissions for TLS certificates.

Can local users exploit CVE-2016-4984?

Yes, local users can exploit CVE-2016-4984 by leveraging a race condition to access the TLS certificate due to weak permission settings.

What is the nature of the vulnerability in CVE-2016-4984?

CVE-2016-4984 involves a race condition during the certificate creation process that allows local users to access the TLS certificate insecurely.

Vulnerability/
CVE-2016-4984

medium

4.7

CWE

362

14/6/2016

14/7/2017

6/8/2024

CVE-2016-4984: Race Condition

First published: Tue Jun 14 2016(Updated: )

/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
OpenLDAP
Red Hat Enterprise Linux	=5
Red Hat Enterprise Linux	=6.0
Red Hat Enterprise Linux	=7.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-4984?
CVE-2016-4984 is classified with a low severity rating, indicating that while it poses a risk, it requires specific circumstances to be exploited.
How do I fix CVE-2016-4984?
To remediate CVE-2016-4984, ensure that proper permissions are set on the TLS certificate file to prevent unauthorized access.
Which versions of OpenLDAP are affected by CVE-2016-4984?
CVE-2016-4984 affects the OpenLDAP servers package prior to the remediation updates that enforce stronger permissions for TLS certificates.
Can local users exploit CVE-2016-4984?
Yes, local users can exploit CVE-2016-4984 by leveraging a race condition to access the TLS certificate due to weak permission settings.
What is the nature of the vulnerability in CVE-2016-4984?
CVE-2016-4984 involves a race condition during the certificate creation process that allows local users to access the TLS certificate insecurely.

agent/references
agent/type
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-4984
agent/severity
agent/author
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/openldap
canonical/openldap
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/5
version/red hat enterprise linux/6.0
version/red hat enterprise linux/7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.