Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 Tenable Network Security, Inc.FEDORA_2007-2796.NASL
HistoryNov 12, 2007 - 12:00 a.m.

Fedora 8 : openldap-2.3.39-1.fc8 (2007-2796)

2007-11-1200:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
15

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.045 Low

EPSS

Percentile

92.5%

JSON

  • Fri Nov 2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.39-1.fc8

    • new upstream version, fixing few security flaws (#362991)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2007-2796.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(28153);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2007-5707", "CVE-2007-5708");
  script_xref(name:"FEDORA", value:"2007-2796");

  script_name(english:"Fedora 8 : openldap-2.3.39-1.fc8 (2007-2796)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Fri Nov 2 2007 Jan Safranek <jsafranek at redhat.com>
    2.3.39-1.fc8

    - new upstream version, fixing few security flaws
      (#362991)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=359851"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=359861"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=362991"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004634.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?99a7d2e8"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:compat-openldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openldap-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openldap-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openldap-servers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openldap-servers-sql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC8", reference:"compat-openldap-2.3.39_2.2.29-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"openldap-2.3.39-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"openldap-clients-2.3.39-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"openldap-debuginfo-2.3.39-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"openldap-devel-2.3.39-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"openldap-servers-2.3.39-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"openldap-servers-sql-2.3.39-1.fc8")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openldap / openldap / openldap-clients / openldap-debuginfo / etc");
}
VendorProductVersionCPE
fedoraprojectfedoracompat-openldapp-cpe:/a:fedoraproject:fedora:compat-openldap
fedoraprojectfedoraopenldapp-cpe:/a:fedoraproject:fedora:openldap
fedoraprojectfedoraopenldap-clientsp-cpe:/a:fedoraproject:fedora:openldap-clients
fedoraprojectfedoraopenldap-debuginfop-cpe:/a:fedoraproject:fedora:openldap-debuginfo
fedoraprojectfedoraopenldap-develp-cpe:/a:fedoraproject:fedora:openldap-devel
fedoraprojectfedoraopenldap-serversp-cpe:/a:fedoraproject:fedora:openldap-servers
fedoraprojectfedoraopenldap-servers-sqlp-cpe:/a:fedoraproject:fedora:openldap-servers-sql
fedoraprojectfedora8cpe:/o:fedoraproject:fedora:8

Related

freebsd 1
nessus 17
ubuntu 1
fedora 2
openvas 21
gentoo 1
osv 1
debian 1
ubuntucve 2
cvelist 2
cve 2
prion 2
nvd 2
centos 1
oraclelinux 1
redhat 2
freebsd
freebsd
openldap -- multiple remote denial of service vulnerabilities
2007-10-29 00:00:00
nessus
nessus
SuSE 10 Security Update : openldap2 (ZYPP Patch Number 4679)
2007-12-13 00:00:00
Fedora Core 6 : openldap-2.3.30-3.fc6 (2007-741)
2007-11-16 00:00:00
FreeBSD : openldap -- multiple remote denial of service vulnerabilities (db449245-870d-11dc-a3ec-001921ab2fa4)
2007-11-01 00:00:00
ubuntu
ubuntu
OpenLDAP vulnerabilities
2007-12-04 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: openldap-2.3.34-4.fc7
2007-11-20 17:47:47
[SECURITY] Fedora 8 Update: openldap-2.3.39-1.fc8
2007-11-09 23:48:49
openvas
openvas
Fedora Update for openldap FEDORA-2007-3124
2009-02-27 00:00:00
FreeBSD Ports: openldap-server
2008-09-04 00:00:00
FreeBSD Ports: openldap-server
2008-09-04 00:00:00
gentoo
gentoo
OpenLDAP: Denial of Service vulnerabilities
2008-03-19 00:00:00
osv
osv
openldap2.3
2008-04-08 00:00:00
debian
debian
[SECURITY] [DSA 1541-1] New openldap2.3 packages fix denial of service
2008-04-08 21:50:58
ubuntucve
ubuntucve
CVE-2007-5708
2007-10-30 00:00:00
CVE-2007-5707
2007-10-30 00:00:00
cvelist
cvelist
CVE-2007-5708
2007-10-30 19:00:00
CVE-2007-5707
2007-10-30 19:00:00
cve
cve
CVE-2007-5708
2007-10-30 19:46:00
CVE-2007-5707
2007-10-30 19:46:00
prion
prion
Null pointer dereference
2007-10-30 19:46:00
Double free
2007-10-30 19:46:00
nvd
nvd
CVE-2007-5708
2007-10-30 19:46:00
CVE-2007-5707
2007-10-30 19:46:00
centos
centos
compat, openldap security update
2007-11-15 19:22:48
oraclelinux
oraclelinux
Important: openldap security and enhancement update
2007-11-23 00:00:00
redhat
redhat
(RHSA-2007:1037) Important: openldap security and enhancement update
2007-11-08 00:00:00
(RHSA-2007:1038) Moderate: openldap security and enhancement update
2007-11-15 00:00:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.045 Low

EPSS

Percentile

92.5%

JSON
Related for FEDORA_2007-2796.NASL
freebsd1nessus17ubuntu1fedora2openvas21gentoo1osv1debian1ubuntucve2cvelist2cve2prion2nvd2centos1oraclelinux1redhat2