Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2007:0430
HistoryJun 11, 2007 - 9:07 p.m.

openldap security update

2007-06-1121:07:22
CentOS Project
lists.centos.org
39

2.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.9%

JSON

CentOS Errata and Security Advisory CESA-2007:0430

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications, libraries and development tools.

A flaw was found in the way OpenLDAP handled selfwrite access. Users with
selfwrite access were able to modify the distinguished name of any user.
Users with selfwrite access should only be able to modify their own
distinguished name. (CVE-2006-4600)

A memory leak bug was found in OpenLDAP’s ldap_start_tls_s() function. An
application using this function could result in an Out Of Memory (OOM)
condition, crashing the application.

All users are advised to upgrade to this updated openldap package,
which contains a backported fix and is not vulnerable to these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-June/076060.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076066.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076072.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076073.html

Affected packages:
openldap
openldap-clients
openldap-devel
openldap-servers

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0430

Related

nessus 12
cve 1
openvas 4
redhat 2
oraclelinux 1
centos 1
freebsd 1
ubuntucve 1
gentoo 1
securityvulns 1
vmware 1
nessus
nessus
FreeBSD : openldap -- slapd acl selfwrite Security Issue (ae7124ff-547c-11db-8f1a-000a48049292)
2006-10-10 00:00:00
Scientific Linux Security Update : openldap on SL3.x i386/x86_64
2012-08-01 00:00:00
RHEL 4 : openldap (RHSA-2007:0310)
2007-05-02 00:00:00
cve
cve
CVE-2006-4600
2006-09-07 00:04:00
openvas
openvas
FreeBSD Ports: openldap-server, openldap-sasl-server
2008-09-04 00:00:00
FreeBSD Ports: openldap-server, openldap-sasl-server
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200711-23 (vmware-workstation vmware-player)
2008-09-24 00:00:00
redhat
redhat
(RHSA-2007:0310) Low: openldap security update
2007-05-01 00:00:00
(RHSA-2007:0430) Low: openldap security and bug-fix update
2007-06-11 13:45:45
oraclelinux
oraclelinux
Low: openldap security update
2007-05-17 00:00:00
centos
centos
compat, gdm, openldap security update
2007-05-02 08:52:57
freebsd
freebsd
openldap -- slapd acl selfwrite Security Issue
2006-06-14 00:00:00
ubuntucve
ubuntucve
CVE-2006-4600
2006-09-07 00:00:00
gentoo
gentoo
VMware Workstation and Player: Multiple vulnerabilities
2007-11-18 00:00:00
securityvulns
securityvulns
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
2007-09-21 00:00:00
vmware
vmware
Updated versions of all supported hosted products and all ESX 2x products and patches for ESX 30x address critical security updates. Service Console security updates for samba, bind, krb5, vixie-cron, shadow-utils, openldap, pam, gcc, and gdb packages.
2007-09-18 00:00:00

2.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.9%

JSON
Related for CESA-2007:0430
nessus12cve1openvas4redhat2oraclelinux1centos1freebsd1ubuntucve1gentoo1securityvulns1vmware1