Martin Poole

Name of the Vulnerable Software and Affected Versions: 389-ds-base versions 1.3.6.1 through 1.4.0.3 Description: The issue is related to incorrect handling of internal hash comparison operations during the authentication process. This could potentially allow a remote, unauthenticated attacker to bypass the authentication process under rare and specific circumstances. The vulnerability may enable an attacker to access confidential data. Recommendations: For versions 1.3.6.1 through 1.4.0.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nss compat ossl (affected versions not specified) **Description** The cipherstring parsing code in nss compat ossl has an issue when in multi-keyword mode, where it does not match the expected set of ciphers for a given cipher combination. This could allow attackers to have an unspecified impact via unknown vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenLDAP (affected versions not specified) **Description** The issue is related to the nss parse ciphers function in OpenLDAP, which does not properly parse OpenSSL-style multi-keyword mode cipher strings. This might cause a weaker than intended cipher to be used, potentially allowing remote attackers to have an unspecified impact. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.