| Reporter | Title | Published | Views | Family All 124 |
|---|---|---|---|---|
| Amazon Linux 2 : openldap (ALAS-2023-2033) | 2 May 202300:00 | – | nessus | |
| Amazon Linux AMI : openldap (ALAS-2023-1741) | 4 May 202300:00 | – | nessus | |
| Debian DLA-1891-1 : openldap security update | 20 Aug 201900:00 | – | nessus | |
| EulerOS 2.0 SP5 : openldap (EulerOS-SA-2019-1914) | 16 Sep 201900:00 | – | nessus | |
| EulerOS Virtualization for ARM 64 3.0.2.0 : openldap (EulerOS-SA-2019-1939) | 17 Sep 201900:00 | – | nessus | |
| EulerOS 2.0 SP3 : openldap (EulerOS-SA-2019-1996) | 24 Sep 201900:00 | – | nessus | |
| EulerOS 2.0 SP8 : openldap (EulerOS-SA-2019-2087) | 30 Sep 201900:00 | – | nessus | |
| EulerOS 2.0 SP8 : openldap (EulerOS-SA-2019-2112) | 12 Nov 201900:00 | – | nessus | |
| EulerOS 2.0 SP5 : openldap (EulerOS-SA-2019-2178) | 8 Nov 201900:00 | – | nessus | |
| EulerOS 2.0 SP2 : openldap (EulerOS-SA-2019-2358) | 10 Dec 201900:00 | – | nessus |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(135643);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/15");
script_cve_id("CVE-2019-13057", "CVE-2019-13565");
script_name(english:"EulerOS Virtualization 3.0.2.2 : openldap (EulerOS-SA-2020-1481)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the openldap packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :
- An issue was discovered in the server in OpenLDAP
before 2.4.48. When the server administrator delegates
rootDN (database admin) privileges for certain
databases but wants to maintain isolation (e.g., for
multi-tenant deployments), slapd does not properly stop
a rootDN from requesting authorization as an identity
from another database during a SASL bind or with a
proxyAuthz (RFC 4370) control. (It is not a common
configuration to deploy a system where the server
administrator and a DB administrator enjoy different
levels of trust.)(CVE-2019-13057)
- An issue was discovered in OpenLDAP 2.x before 2.4.48.
When using SASL authentication and session encryption,
and relying on the SASL security layers in slapd access
controls, it is possible to obtain access that would
otherwise be denied via a simple bind for any identity
covered in those ACLs. After the first SASL bind is
completed, the sasl_ssf value is retained for all new
non-SASL connections. Depending on the ACL
configuration, this can affect different types of
operations (searches, modifications, etc.). In other
words, a successful authorization step completed by one
user affects the authorization requirement for a
different user.(CVE-2019-13565)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1481
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c66a3468");
script_set_attribute(attribute:"solution", value:
"Update the affected openldap packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13565");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openldap-clients");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["openldap-2.4.44-15.h9.eulerosv2r7",
"openldap-clients-2.4.44-15.h9.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openldap");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation