A flaw was found in 389-ds-base that was introduced after the CVE-2016-5405 fix. The lack of a size check in the slapi_ct_memcmp() function may lead to authentication bypass through pre-hashed userPassword attributes under highly specific circumstances.
Acknowledgments: Name: Martin Poole (Red Hat)
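An illustration of the class of bug described above, as an added example that is not code from 389-ds-base: a constant-time comparator that is given only one length accepts a stored value shorter than the computed hash, while a variant that receives both sizes rejects it. The function names, the sample bytes and the assumption that the caller passes the stored value's length are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data, not real password hashes. */
static const unsigned char computed[8]     = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const unsigned char stored_full[8]  = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const unsigned char stored_short[4] = {0xde,0xad,0xbe,0xef}; /* truncated value */

/* Hypothetical single-length comparator: constant time over n bytes, but it
 * cannot tell that the two buffers differ in size. Returns 0 on match. */
static int ct_memcmp_single_len(const void *p1, const void *p2, size_t n)
{
    const unsigned char *a = p1, *b = p2;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff != 0;
}

/* Size-checked variant: a length mismatch is folded into the result up front,
 * and only the common prefix is read, so neither buffer is over-read. */
static int ct_memcmp_checked(const void *p1, size_t n1, const void *p2, size_t n2)
{
    const unsigned char *a = p1, *b = p2;
    size_t n = n1 < n2 ? n1 : n2;
    unsigned char diff = (unsigned char)(n1 != n2);
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff != 0;
}

int main(void)
{
    /* Assumed for illustration: the caller passes the stored value's length as n. */
    printf("single-len, truncated stored value:   %s\n",
           ct_memcmp_single_len(computed, stored_short, sizeof stored_short) ? "reject" : "ACCEPT");
    printf("single-len, zero-length stored value: %s\n",
           ct_memcmp_single_len(computed, stored_short, 0) ? "reject" : "ACCEPT");
    printf("checked, truncated stored value:      %s\n",
           ct_memcmp_checked(computed, sizeof computed, stored_short, sizeof stored_short) ? "reject" : "ACCEPT");
    printf("checked, full-length stored value:    %s\n",
           ct_memcmp_checked(computed, sizeof computed, stored_full, sizeof stored_full) ? "reject" : "ACCEPT");
    return 0;
}
```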
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0414 https://access.redhat.com/errata/RHSA-2018:0414
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:0515 https://access.redhat.com/errata/RHSA-2018:0515
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-15135