ID: CVE-2002-1378
Type: cve
Reporter: NVD
Modified: 2017-07-10T21:29:14
Description
Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests.
Bulletin family: NVD
Published: 2003-01-02T00:00:00
Last seen: 2017-07-11T11:14:11
CVSS: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Vulners score: 9.3
CPE: cpe:/a:openldap:openldap:2.2.0
Href: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1378
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000556
- http://www.securityfocus.com/bid/6328
- http://www.securityfocus.com/advisories/4827
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10800
- http://www.linuxsecurity.com/advisories/gentoo_advisory-2704.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:006
- http://www.turbolinux.com/security/TLSA-2003-5.txt
- http://www.novell.com/linux/security/advisories/2002_047_openldap2.html
- http://www.debian.org/security/2003/dsa-227
- http://www.redhat.com/support/errata/RHSA-2003-040.html
- http://www.ciac.org/ciac/bulletins/n-043.shtml
Related bulletins
- osvdb: OSVDB:4795, OSVDB:4796, OSVDB:4793, OSVDB:4794, OSVDB:4797
- debian: DEBIAN:DSA-227-1:188DC
- openvas: OPENVAS:53721
- nessus: REDHAT-RHSA-2002-312.NASL, MANDRAKE_MDKSA-2003-006.NASL, DEBIAN_DSA-227.NASL
- suse: SUSE-SA:2002:047
History
- Edition 1 (modified 2008-09-10T15:14:26, last seen 2016-09-03T03:36:10) differs from the current edition 2 in "references" and "modified"; it listed http://xforce.iss.net/xforce/xfdb/10800 where the current edition lists the exchange.xforce.ibmcloud.com URL.
{"osvdb": [{"lastseen": "2017-04-28T13:19:59", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 4794](https://vulners.com/osvdb/OSVDB:4794)\n[Related OSVDB ID: 4795](https://vulners.com/osvdb/OSVDB:4795)\n[Related OSVDB ID: 4796](https://vulners.com/osvdb/OSVDB:4796)\n[Related OSVDB ID: 4797](https://vulners.com/osvdb/OSVDB:4797)\nRedHat RHSA: RHSA-2003-040\nOther Advisory URL: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006\nMail List Post: http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00089.html\nMail List Post: http://www.debian.org/security/2003/dsa-227\n[CVE-2002-1378](https://vulners.com/cve/CVE-2002-1378)\n", "modified": "2002-12-06T05:21:47", "published": "2002-12-06T05:21:47", "href": "https://vulners.com/osvdb/OSVDB:4793", "id": "OSVDB:4793", "type": "osvdb", "title": "OpenLDAP2 slurpd Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:59", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 4793](https://vulners.com/osvdb/OSVDB:4793)\n[Related OSVDB ID: 4795](https://vulners.com/osvdb/OSVDB:4795)\n[Related OSVDB ID: 4796](https://vulners.com/osvdb/OSVDB:4796)\n[Related OSVDB ID: 4797](https://vulners.com/osvdb/OSVDB:4797)\nRedHat RHSA: RHSA-2003-040\nOther Advisory URL: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006\nMail List Post: http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00089.html\nMail List Post: http://www.debian.org/security/2003/dsa-227\n[CVE-2002-1378](https://vulners.com/cve/CVE-2002-1378)\n", "modified": "2002-12-06T05:21:47", "published": "2002-12-06T05:21:47", "href": "https://vulners.com/osvdb/OSVDB:4794", "id": "OSVDB:4794", "type": "osvdb", "title": "OpenLDAP2 getfilter Overflow", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:59", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 4794](https://vulners.com/osvdb/OSVDB:4794)\n[Related OSVDB ID: 4793](https://vulners.com/osvdb/OSVDB:4793)\n[Related OSVDB ID: 4795](https://vulners.com/osvdb/OSVDB:4795)\n[Related OSVDB ID: 4796](https://vulners.com/osvdb/OSVDB:4796)\nRedHat RHSA: RHSA-2003-040\nOther Advisory URL: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006\nMail List Post: http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00089.html\nMail List Post: http://www.debian.org/security/2003/dsa-227\n[CVE-2002-1378](https://vulners.com/cve/CVE-2002-1378)\n", "modified": "2002-12-06T05:21:47", "published": "2002-12-06T05:21:47", "href": "https://vulners.com/osvdb/OSVDB:4797", "id": "OSVDB:4797", "type": "osvdb", "title": "OpenLDAP2 Log Name Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:59", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 4794](https://vulners.com/osvdb/OSVDB:4794)\n[Related OSVDB ID: 4793](https://vulners.com/osvdb/OSVDB:4793)\n[Related OSVDB ID: 4796](https://vulners.com/osvdb/OSVDB:4796)\n[Related OSVDB ID: 4797](https://vulners.com/osvdb/OSVDB:4797)\nRedHat RHSA: RHSA-2003-040\nOther Advisory URL: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006\nMail List Post: http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00089.html\nMail List Post: http://www.debian.org/security/2003/dsa-227\n[CVE-2002-1378](https://vulners.com/cve/CVE-2002-1378)\n", "modified": "2002-12-06T05:21:47", "published": "2002-12-06T05:21:47", "href": "https://vulners.com/osvdb/OSVDB:4795", "id": "OSVDB:4795", "type": "osvdb", "title": "OpenLDAP2 
libldap Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:59", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 4794](https://vulners.com/osvdb/OSVDB:4794)\n[Related OSVDB ID: 4793](https://vulners.com/osvdb/OSVDB:4793)\n[Related OSVDB ID: 4795](https://vulners.com/osvdb/OSVDB:4795)\n[Related OSVDB ID: 4797](https://vulners.com/osvdb/OSVDB:4797)\nRedHat RHSA: RHSA-2003-040\nOther Advisory URL: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006\nMail List Post: http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00089.html\nMail List Post: http://www.debian.org/security/2003/dsa-227\n[CVE-2002-1378](https://vulners.com/cve/CVE-2002-1378)\n", "modified": "2002-12-06T05:21:47", "published": "2002-12-06T05:21:47", "href": "https://vulners.com/osvdb/OSVDB:4796", "id": "OSVDB:4796", "type": "osvdb", "title": "OpenLDAP2 slapd Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:22", "bulletinFamily": "scanner", "description": "The remote host is missing an update to openldap2\nannounced via advisory DSA 227-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53721", "id": "OPENVAS:53721", "title": "Debian Security Advisory DSA 227-1 (openldap2)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_227_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 227-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The SuSE Security Team reviewed critical parts of openldap2, an\nimplementation of the Lightweight Directory Access Protocol (LDAP)\nversion 2 and 3, and found several buffer overflows and other bugs\nremote attackers could exploit to gain access on systems running\nvulnerable LDAP servers. 
In addition to these bugs, various local\nexploitable bugs within the OpenLDAP2 libraries have been fixed.\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 2.0.23-6.3.\n\nThe old stable distribution (potato) does not contain OpenLDAP2\npackages.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.0.27-3.\n\nWe recommend that you upgrade your openldap2 packages.\";\ntag_summary = \"The remote host is missing an update to openldap2\nannounced via advisory DSA 227-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20227-1\";\n\nif(description)\n{\n script_id(53721);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:28:10 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-1378\", \"CVE-2002-1379\");\n script_bugtraq_id(6328);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 227-1 (openldap2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ldap-gateways\", ver:\"2.0.23-6.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ldap-utils\", ver:\"2.0.23-6.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap2\", ver:\"2.0.23-6.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap2-dev\", ver:\"2.0.23-6.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.0.23-6.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:12:54", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 227-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary, 13th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openldap2\nVulnerability : buffer overflows and other bugs\nProblem-Type : local, remote\nDebian-specific: no\nCVE Id : CAN-2002-1378 CAN-2002-1379\nBugTraq Id : 6328\n\nThe SuSE Security Team 
reviewed critical parts of openldap2, an\nimplementation of the Lightweight Directory Access Protocol (LDAP)\nversion 2 and 3, and found several buffer overflows and other bugs\nremote attackers could exploit to gain access on systems running\nvulnerable LDAP servers. In addition to these bugs, various local\nexploitable bugs within the OpenLDAP2 libraries have been fixed.\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 2.0.23-6.3.\n\nThe old stable distribution (potato) does not contain OpenLDAP2\npackages.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.0.27-3.\n\nWe recommend that you upgrade your openldap2 packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23-6.3.dsc\n Size/MD5 checksum: 763 45168fb49d17bcbefc2d920400705ac1\n http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23-6.3.diff.gz\n Size/MD5 checksum: 20913 f0fa8fa225ccd5ce44504811511c9ad4\n http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23.orig.tar.gz\n Size/MD5 checksum: 1302928 d13cfded502c7d2b43b3c42b4e6dd599\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_alpha.deb\n Size/MD5 checksum: 87630 29068d6586e62aa8141995d19d85b5f2\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_alpha.deb\n Size/MD5 checksum: 113812 
ffe2c1b7afd49bbd45143b4d2c5738a3\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_alpha.deb\n Size/MD5 checksum: 213992 5a20e5fa07a7e64c501fce960bafb00d\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_alpha.deb\n Size/MD5 checksum: 1833542 4554c75be54f37f98062874c1fd05ef3\n http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_alpha.deb\n Size/MD5 checksum: 806478 e3ebfb7fefffdebdfc48127c53989b5a\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_arm.deb\n Size/MD5 checksum: 65998 395356a67fc07a37cb7ff83e4f433f08\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_arm.deb\n Size/MD5 checksum: 90090 2d6582bca66d8d4975767e9143610617\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_arm.deb\n Size/MD5 checksum: 183032 202e9ee365ea54dab60b7b827d47b759\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_arm.deb\n Size/MD5 checksum: 1789034 7144479db1c2c8433fcd89ee6b1cd693\n http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_arm.deb\n Size/MD5 checksum: 672624 d93eddf64b805fe8ad456e1abb477237\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_i386.deb\n Size/MD5 checksum: 65232 423b8b0b3fd8a09ef365d4ec25023d26\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_i386.deb\n Size/MD5 checksum: 86350 0bc201b83a18897972cecccb37beba0b\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_i386.deb\n Size/MD5 checksum: 172742 2222f508b8f6b0cf808ece56cfd639e9\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_i386.deb\n Size/MD5 checksum: 1732946 1f98f56fb5b0215788c9581cc330a77a\n http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_i386.deb\n Size/MD5 checksum: 
606922 42fc1c90d802d9bc155094cd2c5b3a05\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_ia64.deb\n Size/MD5 checksum: 97926 102155513b8228429771ede0d79ba286\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_ia64.deb\n Size/MD5 checksum: 130370 c200491173f802aa79f18f6069d693a6\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_ia64.deb\n Size/MD5 checksum: 287272 bc3d117d2a5ce5472bd7c8e82415c316\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_ia64.deb\n Size/MD5 checksum: 1770604 541a1c9edbe6a16405882e222cd7a109\n http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_ia64.deb\n Size/MD5 checksum: 1055364 6f57696f2b7531f84130a70af0549b8d\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_hppa.deb\n Size/MD5 checksum: 72484 204da57b2ee9c96ce1c452b7930200ed\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_hppa.deb\n Size/MD5 checksum: 96546 c7effeaa7614518f6fc3430377a4a5d5\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_hppa.deb\n Size/MD5 checksum: 215844 579d0e6079f28507f1ec9cb04e480eb1\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_hppa.deb\n Size/MD5 checksum: 1918820 4fe546d4d46cd60886b632454051305f\n http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_hppa.deb\n Size/MD5 checksum: 754974 33465a944d5f074d8360c6636e59a21c\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_m68k.deb\n Size/MD5 checksum: 63104 97a7ac89fa92969b337c9faac65a396f\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_m68k.deb\n Size/MD5 checksum: 82360 622b8f56215e11e8d8560a046ae6727d\n 
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_m68k.deb\n Size/MD5 checksum: 172070 6c83f54353a1f6e4ab930534ff1d4e3f\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_m68k.deb\n Size/MD5 checksum: 1747054 ed7fb0f971840a7fa830bf8398a4d14e\n http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_m68k.deb\n Size/MD5 checksum: 549178 af67d5db8fe060084f216816d5317349\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_mips.deb\n Size/MD5 checksum: 71252 ec1e7143d9bee2bbbe0c51c74565539a\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_mips.deb\n Size/MD5 checksum: 96432 63ea165d5ced9a86f03f401ddd82bdec\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_mips.deb\n Size/MD5 checksum: 182296 7f14e28ef4cb9dc8ee4a81379a41ba43\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_mips.deb\n Size/MD5 checksum: 1740550 80ceff7b9ad86b6a271a75f02b7fc156\n http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_mips.deb\n Size/MD5 checksum: 690306 d1fcfcfb94ed45c1cc1738f650ea7791\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_mipsel.deb\n Size/MD5 checksum: 71024 7525d0c425e5039e9057f8ba7b33887a\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_mipsel.deb\n Size/MD5 checksum: 96224 5659381cf1d060a6e941fa966b0a0ee9\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_mipsel.deb\n Size/MD5 checksum: 182322 416d63e7910ac76318b044ec1822f7a5\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_mipsel.deb\n Size/MD5 checksum: 1707922 1d802562db371b06b85fb9377c243b9c\n http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_mipsel.deb\n Size/MD5 checksum: 
690470 b2641844353f0e774878ed2584f3377b\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_powerpc.deb\n Size/MD5 checksum: 67354 cea40c452a90042c183d548374e3d3ab\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_powerpc.deb\n Size/MD5 checksum: 89190 8ba071acfbd7ce9a91547506c9f2032d\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_powerpc.deb\n Size/MD5 checksum: 190122 2ed378aced84f062d25341ea402fe432\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_powerpc.deb\n Size/MD5 checksum: 1833820 9e552d28447baff88a9513224872df4c\n http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_powerpc.deb\n Size/MD5 checksum: 659124 bd3a42e7f529ffe0ba2c14db79d4c5e9\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_s390.deb\n Size/MD5 checksum: 68148 c092242782dc253a48bed75e64d89f73\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_s390.deb\n Size/MD5 checksum: 90736 4f1a07b555e2b45c2010f906cc5643b8\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_s390.deb\n Size/MD5 checksum: 185080 31f46df36b184835aa7dfa690f0e5acf\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_s390.deb\n Size/MD5 checksum: 1774464 73c0f603bccf160742f195eceda8cdaa\n http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_s390.deb\n Size/MD5 checksum: 630076 51fb890370a4ac20cc624bd098f47a1f\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_sparc.deb\n Size/MD5 checksum: 83524 3a4ecbbec28bdbece90059b279cf0b79\n http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_sparc.deb\n Size/MD5 checksum: 96442 22cd660e75d55fdacdd8f3f496018e86\n 
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_sparc.deb\n Size/MD5 checksum: 184178 8ed0238017accfbf049df22ba8caf7e0\n http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_sparc.deb\n Size/MD5 checksum: 1793314 4ef681fc1a92aad509ed6b7697ea5ac3\n http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_sparc.deb\n Size/MD5 checksum: 633264 70f1164d9d170954a31142e3aef49f61\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2003-01-13T00:00:00", "published": "2003-01-13T00:00:00", "id": "DEBIAN:DSA-227-1:188DC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00007.html", "title": "[SECURITY] [DSA 227-1] New openldap packages fix buffer overflows and remote exploit", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:05:32", "bulletinFamily": "scanner", "description": "A review was completed by the SuSE Security Team on the OpenLDAP\nserver software, and this audit revealed several buffer overflows and\nother bugs that remote attackers could exploit to gain unauthorized\naccess to the system running the vulnerable OpenLDAP servers.\nAdditionally, various locally exploitable bugs in the OpenLDAP v2\nlibraries have been fixed as well.", "modified": "2018-07-19T00:00:00", "published": "2004-07-31T00:00:00", "id": "MANDRAKE_MDKSA-2003-006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13991", "title": 
"Mandrake Linux Security Advisory : openldap (MDKSA-2003:006)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:006. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(13991);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/07/19 20:59:12\");\n\n script_cve_id(\"CVE-2002-1378\", \"CVE-2002-1379\", \"CVE-2002-1508\");\n script_xref(name:\"MDKSA\", value:\"2003:006\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openldap (MDKSA-2003:006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A review was completed by the SuSE Security Team on the OpenLDAP\nserver software, and this audit revealed several buffer overflows and\nother bugs that remote attackers could exploit to gain unauthorized\naccess to the system running the vulnerable OpenLDAP servers.\nAdditionally, various locally exploitable bugs in the OpenLDAP v2\nlibraries have been fixed as well.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.suse.de/security/2002_047_openldap2.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:libldap2-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-back_dnssrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-back_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-back_passwd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-back_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-guide\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-migration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libldap2-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libldap2-devel-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libldap2-devel-static-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openldap-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openldap-back_dnssrv-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openldap-back_ldap-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openldap-back_passwd-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openldap-back_sql-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openldap-clients-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openldap-guide-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openldap-migration-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openldap-servers-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libldap2-2.0.21-2.1mdk\", yank:\"mdk\")) 
flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libldap2-devel-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libldap2-devel-static-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"openldap-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"openldap-back_dnssrv-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"openldap-back_ldap-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"openldap-back_passwd-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"openldap-back_sql-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"openldap-clients-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"openldap-guide-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"openldap-migration-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"openldap-servers-2.0.21-2.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libldap2-2.0.21-4.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libldap2-devel-2.0.21-4.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libldap2-devel-static-2.0.21-4.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"openldap-2.0.21-4.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"openldap-back_dnssrv-2.0.21-4.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"openldap-back_ldap-2.0.21-4.1mdk\", 
yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"openldap-back_passwd-2.0.21-4.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"openldap-back_sql-2.0.21-4.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"openldap-clients-2.0.21-4.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"openldap-guide-2.0.21-4.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"openldap-migration-2.0.21-4.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"openldap-servers-2.0.21-4.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libldap2-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libldap2-devel-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libldap2-devel-static-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"openldap-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"openldap-back_dnssrv-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"openldap-back_ldap-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"openldap-back_passwd-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"openldap-back_sql-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"openldap-clients-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"openldap-guide-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", 
reference:\"openldap-migration-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"openldap-servers-2.0.25-7.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:05:41", "bulletinFamily": "scanner", "description": "The SuSE Security Team reviewed critical parts of openldap2, an\nimplementation of the Lightweight Directory Access Protocol (LDAP)\nversion 2 and 3, and found several buffer overflows and other bugs\nremote attackers could exploit to gain access on systems running\nvulnerable LDAP servers. In addition to these bugs, various local\nexploitable bugs within the OpenLDAP2 libraries have been fixed.", "modified": "2018-07-20T00:00:00", "published": "2004-09-29T00:00:00", "id": "DEBIAN_DSA-227.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15064", "title": "Debian DSA-227-1 : openldap2 - buffer overflows and other bugs", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-227. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15064);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/07/20 2:17:10\");\n\n script_cve_id(\"CVE-2002-1378\", \"CVE-2002-1379\", \"CVE-2002-1508\");\n script_bugtraq_id(6328, 6620);\n script_xref(name:\"DSA\", value:\"227\");\n\n script_name(english:\"Debian DSA-227-1 : openldap2 - buffer overflows and other bugs\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SuSE Security Team reviewed critical parts of openldap2, an\nimplementation of the Lightweight Directory Access Protocol (LDAP)\nversion 2 and 3, and found several buffer overflows and other bugs\nremote attackers could exploit to gain access on systems running\nvulnerable LDAP servers. 
In addition to these bugs, various local\nexploitable bugs within the OpenLDAP2 libraries have been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-227\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openldap2 packages.\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 2.0.23-6.3.\n\nThe old stable distribution (potato) does not contain OpenLDAP2\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"ldap-gateways\", reference:\"2.0.23-6.3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ldap-utils\", reference:\"2.0.23-6.3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libldap2\", reference:\"2.0.23-6.3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libldap2-dev\", reference:\"2.0.23-6.3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"slapd\", reference:\"2.0.23-6.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:05:25", "bulletinFamily": "scanner", "description": "Updated OpenLDAP packages are available which fix a number of local\nand remote buffer overflows in libldap as well as the slapd and slurpd\ndaemons. Additionally, potential issues stemming from using\nuser-specified LDAP configuration files have been addressed.\n\n[Updated 06 Feb 2003] Added fixed packages for Red Hat Linux Advanced\nWorkstation 2.1\n\n[Updated 13 Aug 2003] Added openldap12 packages for Red Hat Linux\nAdvanced Server 2.1 and Advanced Workstation 2.1 that were originally\nleft out of this errata.\n\nOpenLDAP is a suite of LDAP (Lightweight Directory Access Protocol)\napplications and development tools. LDAP is a set of protocols for\naccessing directory services. 
In an audit of OpenLDAP by SuSE, a\nnumber of potential security issues were found.\n\nThe following is a list of these issues :\n\nWhen reading configuration files, libldap reads the current user's\n.ldaprc file even in applications being run with elevated privileges.\n\nSlurpd would overflow an internal buffer if the command-line argument\nused with the -t or -r flags is too long, or if the name of a file for\nwhich it attempted to create an advisory lock is too long.\n\nWhen parsing filters, the getfilter family of functions from libldap\ncan overflow an internal buffer by supplying a carefully crafted\nldapfilter.conf file.\n\nWhen processing LDAP entry display templates, libldap can overflow an\ninternal buffer by supplying a carefully crafted ldaptemplates.conf\nfile.\n\nWhen parsing an access control list, slapd can overflow an internal\nbuffer.\n\nWhen constructing the name of the file used for logging rejected\nreplication requests, slapd overflows an internal buffer if the size\nof the generated name is too large. It can also destroy the contents\nof any file owned by the user 'ldap' due to a race condition in the\nsubsequent creation of the log file.\n\nAll of these potential security issues are corrected by the packages\ncontained within this erratum.\n\nRed Hat Linux Advanced Server users who use LDAP are advised to\ninstall the updated OpenLDAP packages contained within this erratum.", "modified": "2018-11-15T00:00:00", "published": "2004-07-06T00:00:00", "id": "REDHAT-RHSA-2002-312.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12346", "title": "RHEL 2.1 : openldap (RHSA-2002:312)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2002:312. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12346);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/15 11:40:29\");\n\n script_cve_id(\"CVE-2002-1378\", \"CVE-2002-1379\", \"CVE-2002-1508\");\n script_xref(name:\"RHSA\", value:\"2002:312\");\n\n script_name(english:\"RHEL 2.1 : openldap (RHSA-2002:312)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenLDAP packages are available which fix a number of local\nand remote buffer overflows in libldap as well as the slapd and slurpd\ndaemons. Additionally, potential issues stemming from using\nuser-specified LDAP configuration files have been addressed.\n\n[Updated 06 Feb 2003] Added fixed packages for Red Hat Linux Advanced\nWorkstation 2.1\n\n[Updated 13 Aug 2003] Added openldap12 packages for Red Hat Linux\nAdvanced Server 2.1 and Advanced Workstation 2.1 that were originally\nleft out of this errata.\n\nOpenLDAP is a suite of LDAP (Lightweight Directory Access Protocol)\napplications and development tools. LDAP is a set of protocols for\naccessing directory services. 
In an audit of OpenLDAP by SuSE, a\nnumber of potential security issues were found.\n\nThe following is a list of these issues :\n\nWhen reading configuration files, libldap reads the current user's\n.ldaprc file even in applications being run with elevated privileges.\n\nSlurpd would overflow an internal buffer if the command-line argument\nused with the -t or -r flags is too long, or if the name of a file for\nwhich it attempted to create an advisory lock is too long.\n\nWhen parsing filters, the getfilter family of functions from libldap\ncan overflow an internal buffer by supplying a carefully crafted\nldapfilter.conf file.\n\nWhen processing LDAP entry display templates, libldap can overflow an\ninternal buffer by supplying a carefully crafted ldaptemplates.conf\nfile.\n\nWhen parsing an access control list, slapd can overflow an internal\nbuffer.\n\nWhen constructing the name of the file used for logging rejected\nreplication requests, slapd overflows an internal buffer if the size\nof the generated name is too large. 
It can also destroy the contents\nof any file owned by the user 'ldap' due to a race condition in the\nsubsequent creation of the log file.\n\nAll of these potential security issues are corrected by the packages\ncontained within this erratum.\n\nRed Hat Linux Advanced Server users who use LDAP are advised to\ninstall the updated OpenLDAP packages contained within this erratum.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-1378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-1379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-1508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2002:312\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2002:312\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openldap-2.0.27-2.7.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openldap-clients-2.0.27-2.7.3\")) flag++;\n if 
(rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openldap-devel-2.0.27-2.7.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openldap-servers-2.0.27-2.7.3\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openldap12-1.2.13-8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-devel / openldap-servers / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:56:09", "bulletinFamily": "unix", "description": "OpenLDAP is the Open Source implementation of the Lightweight Directory Access Protocol (LDAP) and is used in network environments for distributing certain information such as X.509 certificates or login information.", "modified": "2002-12-06T11:16:45", "published": "2002-12-06T11:16:45", "href": "http://lists.opensuse.org/opensuse-security-announce/2002-12/msg00002.html", "id": "SUSE-SA:2002:047", "title": "remote command execution in OpenLDAP2", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}