Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRIVA_MDVSA-2015-074.NASL
HistoryMar 30, 2015 - 12:00 a.m.

Mandriva Linux Security Advisory : openldap (MDVSA-2015:074)

2015-03-3000:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.961 High

EPSS

Percentile

99.5%

JSON

A vulnerability has been discovered and corrected in openldap :

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request (CVE-2015-1545).

The updated packages provides a solution for these security issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2015:074. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82327);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2015-1545");
  script_bugtraq_id(72519);
  script_xref(name:"MDVSA", value:"2015:074");

  script_name(english:"Mandriva Linux Security Advisory : openldap (MDVSA-2015:074)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability has been discovered and corrected in openldap :

The deref_parseCtrl function in servers/slapd/overlays/deref.c in
OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a
denial of service (NULL pointer dereference and crash) via an empty
attribute list in a deref control in a search request (CVE-2015-1545).

The updated packages provides a solution for these security issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ldap2.4_2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-servers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-testprogs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-tests");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64ldap2.4_2-2.4.33-4.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64ldap2.4_2-devel-2.4.33-4.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64ldap2.4_2-static-devel-2.4.33-4.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"openldap-2.4.33-4.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"openldap-clients-2.4.33-4.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"openldap-doc-2.4.33-4.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"openldap-servers-2.4.33-4.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"openldap-testprogs-2.4.33-4.2.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"openldap-tests-2.4.33-4.2.mbs1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64ldap2.4_2p-cpe:/a:mandriva:linux:lib64ldap2.4_2
mandrivalinuxlib64ldap2.4_2-develp-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel
mandrivalinuxlib64ldap2.4_2-static-develp-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel
mandrivalinuxopenldapp-cpe:/a:mandriva:linux:openldap
mandrivalinuxopenldap-clientsp-cpe:/a:mandriva:linux:openldap-clients
mandrivalinuxopenldap-docp-cpe:/a:mandriva:linux:openldap-doc
mandrivalinuxopenldap-serversp-cpe:/a:mandriva:linux:openldap-servers
mandrivalinuxopenldap-testprogsp-cpe:/a:mandriva:linux:openldap-testprogs
mandrivalinuxopenldap-testsp-cpe:/a:mandriva:linux:openldap-tests
mandrivabusiness_server1cpe:/o:mandriva:business_server:1

Related

fedora 1
ubuntucve 1
checkpoint_advisories 1
cve 1
nessus 11
debiancve 1
openvas 9
mageia 1
nvd 1
cvelist 1
prion 1
f5 2
kaspersky 1
securityvulns 4
debian 2
osv 2
ubuntu 1
apple 2
fedora
fedora
[SECURITY] Fedora 21 Update: openldap-2.4.40-3.fc21
2015-04-13 07:04:55
ubuntucve
ubuntucve
CVE-2015-1545
2015-02-12 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenLDAP slapd Deref Overlay Null Pointer Dereference (CVE-2015-1545)
2015-07-12 00:00:00
cve
cve
CVE-2015-1545
2015-02-12 16:59:06
nessus
nessus
Fedora 21 : openldap-2.4.40-3.fc21 (2015-2055)
2015-04-14 00:00:00
SUSE SLED12 / SLES12 Security Update : openldap2 (SUSE-SU-2015:1077-1)
2015-06-18 00:00:00
openSUSE Security Update : openldap2 (openSUSE-2015-526)
2015-08-03 00:00:00
debiancve
debiancve
CVE-2015-1545
2015-02-12 16:59:06
openvas
openvas
Fedora Update for openldap FEDORA-2015-2055
2015-04-14 00:00:00
Mageia: Security Advisory (MGASA-2015-0143)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1077-1)
2021-04-19 00:00:00
mageia
mageia
Updated openldap packages fix CVE-2015-1545
2015-04-10 01:54:46
nvd
nvd
CVE-2015-1545
2015-02-12 16:59:06
cvelist
cvelist
CVE-2015-1545
2015-02-12 16:00:00
prion
prion
Null pointer dereference
2015-02-12 16:59:00
f5
f5
SOL16343 - OpenLDAP vulnerabilities CVE-2015-1545 and CVE-2015-1546
2015-04-02 00:00:00
K16343 : OpenLDAP vulnerabilities CVE-2015-1545 and CVE-2015-1546
2015-04-02 00:00:00
kaspersky
kaspersky
KLA10486 Denial of service vulnerability in OpenLDAP
2015-02-12 00:00:00
securityvulns
securityvulns
OpenLDAP multiple security vulnerabilities
2015-04-13 00:00:00
[SECURITY] [DSA 3209-1] openldap security update
2015-04-13 00:00:00
Apple Mac OS X multiple security vulnerabilities
2015-04-13 00:00:00
debian
debian
[SECURITY] [DSA 3209-1] openldap security update
2015-03-30 21:04:31
[SECURITY] [DLA 203-1] openldap security update
2015-04-18 15:26:21
osv
osv
openldap - security update
2015-03-30 00:00:00
openldap - security update
2015-04-18 00:00:00
ubuntu
ubuntu
OpenLDAP vulnerabilities
2015-05-26 00:00:00
apple
apple
About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support
2020-11-12 07:38:35
About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
2019-12-10 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.961 High

EPSS

Percentile

99.5%

JSON
Related for MANDRIVA_MDVSA-2015-074.NASL
fedora1ubuntucve1checkpoint_advisories1cve1nessus11debiancve1openvas9mageia1nvd1cvelist1prion1f52kaspersky1securityvulns4debian2osv2ubuntu1apple2