Lucene search
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2003-006.NASLHistoryJul 31, 2004 - 12:00 a.m.
Mandrake Linux Security Advisory : openldap (MDKSA-2003:006)
2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
9
A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers.
Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2003:006.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(13991);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2002-1378", "CVE-2002-1379", "CVE-2002-1508");
script_xref(name:"MDKSA", value:"2003:006");
script_name(english:"Mandrake Linux Security Advisory : openldap (MDKSA-2003:006)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandrake Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"A review was completed by the SuSE Security Team on the OpenLDAP
server software, and this audit revealed several buffer overflows and
other bugs that remote attackers could exploit to gain unauthorized
access to the system running the vulnerable OpenLDAP servers.
Additionally, various locally exploitable bugs in the OpenLDAP v2
libraries have been fixed as well."
);
script_set_attribute(
attribute:"see_also",
value:"http://www.suse.de/security/2002_047_openldap2.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2-devel-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_dnssrv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_passwd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_sql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-clients");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-guide");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-migration");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-servers");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
script_set_attribute(attribute:"patch_publication_date", value:"2003/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libldap2-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libldap2-devel-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libldap2-devel-static-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_dnssrv-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_ldap-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_passwd-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_sql-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-clients-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-guide-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-migration-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-servers-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libldap2-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libldap2-devel-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libldap2-devel-static-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-back_dnssrv-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-back_ldap-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-back_passwd-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-back_sql-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-clients-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-guide-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-migration-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-servers-2.0.21-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libldap2-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libldap2-devel-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libldap2-devel-static-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-back_dnssrv-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-back_ldap-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-back_passwd-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-back_sql-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-clients-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-guide-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-migration-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-servers-2.0.21-4.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libldap2-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libldap2-devel-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libldap2-devel-static-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-back_dnssrv-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-back_ldap-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-back_passwd-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-back_sql-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-clients-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-guide-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-migration-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-servers-2.0.25-7.1mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | libldap2 | p-cpe:/a:mandriva:linux:libldap2 |
| mandriva | linux | libldap2-devel | p-cpe:/a:mandriva:linux:libldap2-devel |
| mandriva | linux | libldap2-devel-static | p-cpe:/a:mandriva:linux:libldap2-devel-static |
| mandriva | linux | openldap | p-cpe:/a:mandriva:linux:openldap |
| mandriva | linux | openldap-back_dnssrv | p-cpe:/a:mandriva:linux:openldap-back_dnssrv |
| mandriva | linux | openldap-back_ldap | p-cpe:/a:mandriva:linux:openldap-back_ldap |
| mandriva | linux | openldap-back_passwd | p-cpe:/a:mandriva:linux:openldap-back_passwd |
| mandriva | linux | openldap-back_sql | p-cpe:/a:mandriva:linux:openldap-back_sql |
| mandriva | linux | openldap-clients | p-cpe:/a:mandriva:linux:openldap-clients |
| mandriva | linux | openldap-guide | p-cpe:/a:mandriva:linux:openldap-guide |
Related
nessus
nessus
Debian DSA-227-1 : openldap2 - buffer overflows and other bugs
2004-09-29 00:00:00
RHEL 2.1 : openldap (RHSA-2002:312)
2004-07-06 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-227)
2008-01-17 00:00:00
Debian Security Advisory DSA 227-1 (openldap2)
2008-01-17 00:00:00
osv
osv
openldap2 - buffer overflows and other bugs
2003-01-13 00:00:00
redhat
redhat
(RHSA-2002:312) openldap security update
2003-02-07 00:00:00
suse
suse
remote command execution in OpenLDAP2
2002-12-06 11:16:45
debian
debian
cve
cve
Related for MANDRAKE_MDKSA-2003-006.NASL