{"id": "ORACLELINUX_ELSA-2007-0430.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 3 : openldap (ELSA-2007-0430)", "description": "From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP", "published": "2013-07-12T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/67514", "reporter": "This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html"], "cvelist": ["CVE-2006-4600"], "type": "nessus", "lastseen": "2019-11-01T03:14:09", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:openldap", "p-cpe:/a:oracle:linux:openldap-servers", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:openldap-clients", "p-cpe:/a:oracle:linux:openldap-devel"], "cvelist": ["CVE-2006-4600"], "cvss": {"score": 2.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak bug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users with selfwrite access were able to modify the distinguished name of any user. Users with selfwrite access should only be able to modify their own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory (OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package, which contains a backported fix and is not vulnerable to these issues.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-02-21T01:19:13", "references": [{"idList": ["RHSA-2007:0310", "1624473", "RHSA-2007:0430"], "type": "redhat"}, {"idList": ["CVE-2006-4600"], "type": "cve"}, {"idList": ["AE7124FF-547C-11DB-8F1A-000A48049292"], "type": "freebsd"}, {"idList": ["VMSA-2007-0006"], "type": "vmware"}, {"idList": ["GLSA-200711-23"], "type": "gentoo"}, {"idList": ["ELSA-2007-0310"], "type": "oraclelinux"}, {"idList": ["OSVDB:28464"], "type": "osvdb"}, {"idList": ["OPENVAS:59243", "OPENVAS:57460"], "type": "openvas"}, {"idList": ["CESA-2007:0430", "CESA-2007:0310"], "type": "centos"}, {"idList": ["SECURITYVULNS:DOC:18039"], "type": "securityvulns"}, {"idList": ["MANDRAKE_MDKSA-2006-171.NASL", "CENTOS_RHSA-2007-0310.NASL", "GENTOO_GLSA-200711-23.NASL", "SL_20070501_OPENLDAP_ON_SL4_X.NASL", "FREEBSD_PKG_AE7124FF547C11DB8F1A000A48049292.NASL", "ORACLELINUX_ELSA-2007-0310.NASL", "REDHAT-RHSA-2007-0310.NASL", "SL_20070611_OPENLDAP_ON_SL3.NASL", "CENTOS_RHSA-2007-0430.NASL", "REDHAT-RHSA-2007-0430.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-02-21T01:19:13", "value": 4.1, "vector": "NONE"}}, "hash": "c6b4ff12a3ed3590dcb04d015ec456fba10fd4d8aa3d3fc01959d592a021466d", "hashmap": [{"hash": "d2da6ab757619fa2acc8aab2f9e3133a", "key": "pluginID"}, {"hash": "d442aaecc5e2204f17a166fc02892dc8", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f7ae9cbdd3a84385236593682c0c8b06", "key": "cvelist"}, {"hash": "af7e2bf724250fd718d94995bde9a9b4", "key": "cpe"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "bdd83b330253edc124cc16f3c4331a85", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "d95e90f0e4a44a7e02fc42656e5861ad", "key": "href"}, {"hash": "1865261413c3db59730e6f4c15d45b87", "key": "modified"}, {"hash": "63a573ab99b4287173317a1675dfc89a", "key": "cvss"}, {"hash": "589916592fee42c43f7e378593d8bfdb", "key": "title"}, {"hash": "a79c3c0bd672f1cf162993dee008ed36", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=67514", "id": "ORACLELINUX_ELSA-2007-0430.NASL", "lastseen": "2019-02-21T01:19:13", "modified": "2018-08-13T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "67514", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0430 and \n# Oracle Linux Security Advisory ELSA-2007-0430 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67514);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/13 14:32:36\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_xref(name:\"RHSA\", value:\"2007:0430\");\n\n script_name(english:\"Oracle Linux 3 : openldap (ELSA-2007-0430)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory\n(OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package,\nwhich contains a backported fix and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-servers-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-servers-2.0.27-23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-devel / openldap-servers\");\n}\n", "title": "Oracle Linux 3 : openldap (ELSA-2007-0430)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss", "description", "reporter", "modified", "sourceData", "href"], "edition": 7, "lastseen": "2019-02-21T01:19:13"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:openldap", "p-cpe:/a:oracle:linux:openldap-servers", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:openldap-clients", "p-cpe:/a:oracle:linux:openldap-devel"], "cvelist": ["CVE-2006-4600"], "cvss": {"score": 2.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak bug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users with selfwrite access were able to modify the distinguished name of any user. Users with selfwrite access should only be able to modify their own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory (OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package, which contains a backported fix and is not vulnerable to these issues.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "c6b4ff12a3ed3590dcb04d015ec456fba10fd4d8aa3d3fc01959d592a021466d", "hashmap": [{"hash": "d2da6ab757619fa2acc8aab2f9e3133a", "key": "pluginID"}, {"hash": "d442aaecc5e2204f17a166fc02892dc8", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f7ae9cbdd3a84385236593682c0c8b06", "key": "cvelist"}, {"hash": "af7e2bf724250fd718d94995bde9a9b4", "key": "cpe"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "bdd83b330253edc124cc16f3c4331a85", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "d95e90f0e4a44a7e02fc42656e5861ad", "key": "href"}, {"hash": "1865261413c3db59730e6f4c15d45b87", "key": "modified"}, {"hash": "63a573ab99b4287173317a1675dfc89a", "key": "cvss"}, {"hash": "589916592fee42c43f7e378593d8bfdb", "key": "title"}, {"hash": "a79c3c0bd672f1cf162993dee008ed36", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=67514", "id": "ORACLELINUX_ELSA-2007-0430.NASL", "lastseen": "2018-09-01T23:54:25", "modified": "2018-08-13T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "67514", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0430 and \n# Oracle Linux Security Advisory ELSA-2007-0430 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67514);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/13 14:32:36\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_xref(name:\"RHSA\", value:\"2007:0430\");\n\n script_name(english:\"Oracle Linux 3 : openldap (ELSA-2007-0430)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory\n(OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package,\nwhich contains a backported fix and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-servers-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-servers-2.0.27-23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-devel / openldap-servers\");\n}\n", "title": "Oracle Linux 3 : openldap (ELSA-2007-0430)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:54:25"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:openldap", "p-cpe:/a:oracle:linux:openldap-servers", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:openldap-clients", "p-cpe:/a:oracle:linux:openldap-devel"], "cvelist": ["CVE-2006-4600"], "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}, "description": "From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-10-28T21:01:29", "references": [{"idList": ["RHSA-2007:0310", "1624473", "RHSA-2007:0430"], "type": "redhat"}, {"idList": ["CVE-2006-4600"], "type": "cve"}, {"idList": ["AE7124FF-547C-11DB-8F1A-000A48049292"], "type": "freebsd"}, {"idList": ["VMSA-2007-0006"], "type": "vmware"}, {"idList": ["GLSA-200711-23"], "type": "gentoo"}, {"idList": ["ELSA-2007-0310"], "type": "oraclelinux"}, {"idList": ["OSVDB:28464"], "type": "osvdb"}, {"idList": ["OPENVAS:59243", "OPENVAS:57460"], "type": "openvas"}, {"idList": ["CESA-2007:0430", "CESA-2007:0310"], "type": "centos"}, {"idList": ["SECURITYVULNS:DOC:18039"], "type": "securityvulns"}, {"idList": ["MANDRAKE_MDKSA-2006-171.NASL", "CENTOS_RHSA-2007-0310.NASL", "GENTOO_GLSA-200711-23.NASL", "SL_20070501_OPENLDAP_ON_SL4_X.NASL", "FREEBSD_PKG_AE7124FF547C11DB8F1A000A48049292.NASL", "ORACLELINUX_ELSA-2007-0310.NASL", "REDHAT-RHSA-2007-0310.NASL", "SL_20070611_OPENLDAP_ON_SL3.NASL", "CENTOS_RHSA-2007-0430.NASL", "REDHAT-RHSA-2007-0430.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-10-28T21:01:29", "value": 4.1, "vector": "NONE"}}, "hash": "c3acadd1b1e1c643bfdca1eb9e0d02afda9d85ee9a57e5f18e3e812d852e361c", "hashmap": [{"hash": "d2da6ab757619fa2acc8aab2f9e3133a", "key": "pluginID"}, {"hash": "df449e5dcaef03f78ae8273f46e4c94f", "key": "description"}, {"hash": "7458d143e7ebf4e0c7d9513e25bef07d", "key": "cvss"}, {"hash": "f7ae9cbdd3a84385236593682c0c8b06", "key": "cvelist"}, {"hash": "02fe0373782f38ecf1f263d07b04aeba", "key": "sourceData"}, {"hash": "af7e2bf724250fd718d94995bde9a9b4", "key": "cpe"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "8eac9495fdbab3f137fabcc129da239f", "key": "href"}, {"hash": "f0fc89578f7dd802dc2ed3b849553211", "key": "reporter"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "589916592fee42c43f7e378593d8bfdb", "key": "title"}, {"hash": "a79c3c0bd672f1cf162993dee008ed36", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/67514", "id": "ORACLELINUX_ELSA-2007-0430.NASL", "lastseen": "2019-10-28T21:01:29", "modified": "2019-10-02T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "67514", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html"], "reporter": "This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0430 and \n# Oracle Linux Security Advisory ELSA-2007-0430 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67514);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/25 13:36:06\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_xref(name:\"RHSA\", value:\"2007:0430\");\n\n script_name(english:\"Oracle Linux 3 : openldap (ELSA-2007-0430)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory\n(OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package,\nwhich contains a backported fix and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-servers-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-servers-2.0.27-23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-devel / openldap-servers\");\n}\n", "title": "Oracle Linux 3 : openldap (ELSA-2007-0430)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 8, "lastseen": "2019-10-28T21:01:29"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2006-4600"], "cvss": {"score": 2.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak bug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users with selfwrite access were able to modify the distinguished name of any user. Users with selfwrite access should only be able to modify their own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory (OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package, which contains a backported fix and is not vulnerable to these issues.", "edition": 1, "enchantments": {}, "hash": "67fd81c57d859585de5dbbb6587b79299606fbafc8ef54805d23841bf686e64e", "hashmap": [{"hash": "d2da6ab757619fa2acc8aab2f9e3133a", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f7ae9cbdd3a84385236593682c0c8b06", "key": "cvelist"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "bdd83b330253edc124cc16f3c4331a85", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "7a74489272f7152fd144f98220582cfb", "key": "sourceData"}, {"hash": "d95e90f0e4a44a7e02fc42656e5861ad", "key": "href"}, {"hash": "63a573ab99b4287173317a1675dfc89a", "key": "cvss"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "589916592fee42c43f7e378593d8bfdb", "key": "title"}, {"hash": "a79c3c0bd672f1cf162993dee008ed36", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=67514", "id": "ORACLELINUX_ELSA-2007-0430.NASL", "lastseen": "2016-09-26T17:25:21", "modified": "2015-12-01T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "67514", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0430 and \n# Oracle Linux Security Advisory ELSA-2007-0430 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67514);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:16:27 $\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_osvdb_id(28464);\n script_xref(name:\"RHSA\", value:\"2007:0430\");\n\n script_name(english:\"Oracle Linux 3 : openldap (ELSA-2007-0430)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory\n(OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package,\nwhich contains a backported fix and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-servers-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-servers-2.0.27-23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-devel / openldap-servers\");\n}\n", "title": "Oracle Linux 3 : openldap (ELSA-2007-0430)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:21"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:openldap", "p-cpe:/a:oracle:linux:openldap-servers", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:openldap-clients", "p-cpe:/a:oracle:linux:openldap-devel"], "cvelist": ["CVE-2006-4600"], "cvss": {"score": 2.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory\n(OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package,\nwhich contains a backported fix and is not vulnerable to these issues.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:16:25", "references": [{"idList": ["RHSA-2007:0310", "1624473", "RHSA-2007:0430"], "type": "redhat"}, {"idList": ["CVE-2006-4600"], "type": "cve"}, {"idList": ["AE7124FF-547C-11DB-8F1A-000A48049292"], "type": "freebsd"}, {"idList": ["VMSA-2007-0006"], "type": "vmware"}, {"idList": ["GLSA-200711-23"], "type": "gentoo"}, {"idList": ["ELSA-2007-0310"], "type": "oraclelinux"}, {"idList": ["OSVDB:28464"], "type": "osvdb"}, {"idList": ["OPENVAS:59243", "OPENVAS:57460"], "type": "openvas"}, {"idList": ["CESA-2007:0430", "CESA-2007:0310"], "type": "centos"}, {"idList": ["SECURITYVULNS:DOC:18039"], "type": "securityvulns"}, {"idList": ["MANDRAKE_MDKSA-2006-171.NASL", "CENTOS_RHSA-2007-0310.NASL", "GENTOO_GLSA-200711-23.NASL", "SL_20070501_OPENLDAP_ON_SL4_X.NASL", "FREEBSD_PKG_AE7124FF547C11DB8F1A000A48049292.NASL", "ORACLELINUX_ELSA-2007-0310.NASL", "REDHAT-RHSA-2007-0310.NASL", "SL_20070611_OPENLDAP_ON_SL3.NASL", "CENTOS_RHSA-2007-0430.NASL", "REDHAT-RHSA-2007-0430.NASL"], "type": "nessus"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "3af6f66c0078da9eb3b28747acd0bb35d16f001d76b0dd51a8d5ca9aba2a45dc", "hashmap": [{"hash": "d2da6ab757619fa2acc8aab2f9e3133a", "key": "pluginID"}, {"hash": "d442aaecc5e2204f17a166fc02892dc8", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f7ae9cbdd3a84385236593682c0c8b06", "key": "cvelist"}, {"hash": "4f6098995be9820dbf0e475ffc2f9b09", "key": "description"}, {"hash": "af7e2bf724250fd718d94995bde9a9b4", "key": "cpe"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "d95e90f0e4a44a7e02fc42656e5861ad", "key": "href"}, {"hash": "1865261413c3db59730e6f4c15d45b87", "key": "modified"}, {"hash": "63a573ab99b4287173317a1675dfc89a", "key": "cvss"}, {"hash": "589916592fee42c43f7e378593d8bfdb", "key": "title"}, {"hash": "a79c3c0bd672f1cf162993dee008ed36", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=67514", "id": "ORACLELINUX_ELSA-2007-0430.NASL", "lastseen": "2019-01-16T20:16:25", "modified": "2018-08-13T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "67514", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0430 and \n# Oracle Linux Security Advisory ELSA-2007-0430 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67514);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/13 14:32:36\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_xref(name:\"RHSA\", value:\"2007:0430\");\n\n script_name(english:\"Oracle Linux 3 : openldap (ELSA-2007-0430)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory\n(OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package,\nwhich contains a backported fix and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-servers-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-servers-2.0.27-23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-devel / openldap-servers\");\n}\n", "title": "Oracle Linux 3 : openldap (ELSA-2007-0430)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:16:25"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "af7e2bf724250fd718d94995bde9a9b4"}, {"key": "cvelist", "hash": "f7ae9cbdd3a84385236593682c0c8b06"}, {"key": "cvss", "hash": "7458d143e7ebf4e0c7d9513e25bef07d"}, {"key": "description", "hash": "df449e5dcaef03f78ae8273f46e4c94f"}, {"key": "href", "hash": "8eac9495fdbab3f137fabcc129da239f"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "e31ed89ab0cbb68ce2c40f17ec1e5483"}, {"key": "pluginID", "hash": "d2da6ab757619fa2acc8aab2f9e3133a"}, {"key": "published", "hash": "0db193a0effe2d65dffecdb5e4d9c241"}, {"key": "references", "hash": "a79c3c0bd672f1cf162993dee008ed36"}, {"key": "reporter", "hash": "f0fc89578f7dd802dc2ed3b849553211"}, {"key": "sourceData", "hash": "02fe0373782f38ecf1f263d07b04aeba"}, {"key": "title", "hash": "589916592fee42c43f7e378593d8bfdb"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "e15f371ea712dbc91bc04bf4272941094ec7926b41dca120b00c5b97d43a10f3", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-4600"]}, {"type": "redhat", "idList": ["1624473", "RHSA-2007:0430", "RHSA-2007:0310"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0310"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2007-0310.NASL", "SL_20070611_OPENLDAP_ON_SL3.NASL", "MANDRAKE_MDKSA-2006-171.NASL", "REDHAT-RHSA-2007-0430.NASL", "SL_20070501_OPENLDAP_ON_SL4_X.NASL", "REDHAT-RHSA-2007-0310.NASL", "CENTOS_RHSA-2007-0310.NASL", "CENTOS_RHSA-2007-0430.NASL", "FREEBSD_PKG_AE7124FF547C11DB8F1A000A48049292.NASL", "GENTOO_GLSA-200711-23.NASL"]}, {"type": "freebsd", "idList": ["AE7124FF-547C-11DB-8F1A-000A48049292"]}, {"type": "openvas", "idList": ["OPENVAS:57460", "OPENVAS:59243"]}, {"type": "centos", "idList": ["CESA-2007:0430", "CESA-2007:0310"]}, {"type": "osvdb", "idList": ["OSVDB:28464"]}, {"type": "gentoo", "idList": ["GLSA-200711-23"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18039"]}, {"type": "vmware", "idList": ["VMSA-2007-0006"]}], "modified": "2019-11-01T03:14:09"}, "score": {"value": 4.1, "vector": "NONE", "modified": "2019-11-01T03:14:09"}, "vulnersScore": 4.1}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0430 and \n# Oracle Linux Security Advisory ELSA-2007-0430 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67514);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/25 13:36:06\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_xref(name:\"RHSA\", value:\"2007:0430\");\n\n script_name(english:\"Oracle Linux 3 : openldap (ELSA-2007-0430)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0430 :\n\nA updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory\n(OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package,\nwhich contains a backported fix and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000179.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"openldap-servers-2.0.27-23\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"openldap-servers-2.0.27-23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-devel / openldap-servers\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "67514", "cpe": ["p-cpe:/a:oracle:linux:openldap", "p-cpe:/a:oracle:linux:openldap-servers", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:openldap-clients", "p-cpe:/a:oracle:linux:openldap-devel"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:08:33", "bulletinFamily": "NVD", "description": "slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).", "modified": "2018-10-17T21:38:00", "id": "CVE-2006-4600", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4600", "published": "2006-09-07T00:04:00", "title": "CVE-2006-4600", "type": "cve", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2017-08-03T22:58:06", "bulletinFamily": "unix", "description": "No description provided", "modified": "2016-03-20T00:24:45", "published": "2016-03-20T00:24:45", "href": "https://access.redhat.com/security/cve/cve-2006-4600", "id": "1624473", "title": "CVE-2006-4600", "type": "redhat", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-08-13T18:45:32", "bulletinFamily": "unix", "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access \r\nProtocol) applications, libraries and development tools.\r\n\r\nA flaw was found in the way OpenLDAP handled selfwrite access. Users with\r\nselfwrite access were able to modify the distinguished name of any user.\r\nUsers with selfwrite access should only be able to modify their own\r\ndistinguished name. (CVE-2006-4600)\r\n\r\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function. An\r\napplication using this function could result in an Out Of Memory (OOM)\r\ncondition, crashing the application.\r\n\r\nAll users are advised to upgrade to this updated openldap package, \r\nwhich contains a backported fix and is not vulnerable to these issues.", "modified": "2017-07-29T20:29:54", "published": "2007-06-11T17:45:45", "id": "RHSA-2007:0430", "href": "https://access.redhat.com/errata/RHSA-2007:0430", "type": "redhat", "title": "(RHSA-2007:0430) Low: openldap security and bug-fix update", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:57", "bulletinFamily": "unix", "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\r\nProtocol) applications and development tools.\r\n\r\nA flaw was found in the way OpenLDAP handled selfwrite access. Users with\r\nselfwrite access were able to modify the distinguished name of any user.\r\n(CVE-2006-4600)\r\n\r\nAll users are advised to upgrade to these updated openldap packages, which\r\ncontain a backported patch to correct this issue.", "modified": "2017-09-08T11:56:07", "published": "2007-05-01T04:00:00", "id": "RHSA-2007:0310", "href": "https://access.redhat.com/errata/RHSA-2007:0310", "type": "redhat", "title": "(RHSA-2007:0310) Low: openldap security update", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-11-01T02:54:59", "bulletinFamily": "scanner", "description": "slapd in OpenLDAP before 2.3.25 allows remote authenticated users with\nselfwrite Access Control List (ACL) privileges to modify arbitrary\nDistinguished Names (DN).\n\nPackages have been patched to correct this issue.", "modified": "2019-11-02T00:00:00", "id": "MANDRAKE_MDKSA-2006-171.NASL", "href": "https://www.tenable.com/plugins/nessus/24557", "published": "2007-02-18T00:00:00", "title": "Mandrake Linux Security Advisory : openldap (MDKSA-2006:171)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:171. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24557);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:48\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_xref(name:\"MDKSA\", value:\"2006:171\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openldap (MDKSA-2006:171)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"slapd in OpenLDAP before 2.3.25 allows remote authenticated users with\nselfwrite Access Control List (ACL) privileges to modify arbitrary\nDistinguished Names (DN).\n\nPackages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-2.3.6-4.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-devel-2.3.6-4.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-static-devel-2.3.6-4.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libldap2.3_0-2.3.6-4.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libldap2.3_0-devel-2.3.6-4.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libldap2.3_0-static-devel-2.3.6-4.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openldap-2.3.6-4.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openldap-clients-2.3.6-4.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openldap-doc-2.3.6-4.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openldap-servers-2.3.6-4.2.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T03:20:14", "bulletinFamily": "scanner", "description": "A updated openldap packages that fix a security flaw is now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. (CVE-2006-4600)\n\nAll users are advised to upgrade to these updated openldap packages,\nwhich contain a backported patch to correct this issue.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2007-0310.NASL", "href": "https://www.tenable.com/plugins/nessus/25146", "published": "2007-05-02T00:00:00", "title": "RHEL 4 : openldap (RHSA-2007:0310)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0310. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25146);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2019/10/25 13:36:12\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_xref(name:\"RHSA\", value:\"2007:0310\");\n\n script_name(english:\"RHEL 4 : openldap (RHSA-2007:0310)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A updated openldap packages that fix a security flaw is now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. (CVE-2006-4600)\n\nAll users are advised to upgrade to these updated openldap packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0310\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0310\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"compat-openldap-2.1.30-7.4E\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-2.2.13-7.4E\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-clients-2.2.13-7.4E\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-devel-2.2.13-7.4E\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-servers-2.2.13-7.4E\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-servers-sql-2.2.13-7.4E\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n }\n}\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T03:20:15", "bulletinFamily": "scanner", "description": "A updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2007-0430.NASL", "href": "https://www.tenable.com/plugins/nessus/25477", "published": "2007-06-12T00:00:00", "title": "RHEL 3 : openldap (RHSA-2007:0430)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0430. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25477);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2019/10/25 13:36:12\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_xref(name:\"RHSA\", value:\"2007:0430\");\n\n script_name(english:\"RHEL 3 : openldap (RHSA-2007:0430)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory\n(OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package,\nwhich contains a backported fix and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0430\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0430\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"openldap-2.0.27-23\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openldap-clients-2.0.27-23\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openldap-devel-2.0.27-23\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openldap-servers-2.0.27-23\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-devel / openldap-servers\");\n }\n}\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T03:29:41", "bulletinFamily": "scanner", "description": "A flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. (CVE-2006-4600)", "modified": "2019-11-02T00:00:00", "id": "SL_20070501_OPENLDAP_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60167", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : openldap on SL4.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60167);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:16\");\n\n script_cve_id(\"CVE-2006-4600\");\n\n script_name(english:\"Scientific Linux Security Update : openldap on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. (CVE-2006-4600)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0705&L=scientific-linux-errata&T=0&P=1802\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba5040cd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"compat-openldap-2.1.30-7.4E\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openldap-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openldap-clients-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openldap-devel-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openldap-servers-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openldap-servers-sql-2.2.13-7.4E\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:15:06", "bulletinFamily": "scanner", "description": "A updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2007-0430.NASL", "href": "https://www.tenable.com/plugins/nessus/25496", "published": "2007-06-14T00:00:00", "title": "CentOS 3 : openldap (CESA-2007:0430)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0430 and \n# CentOS Errata and Security Advisory 2007:0430 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25496);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/10/25 13:36:03\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_xref(name:\"RHSA\", value:\"2007:0430\");\n\n script_name(english:\"CentOS 3 : openldap (CESA-2007:0430)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A updated openldap packages that fix a security flaw and a memory leak\nbug are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications, libraries and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory\n(OOM) condition, crashing the application.\n\nAll users are advised to upgrade to this updated openldap package,\nwhich contains a backported fix and is not vulnerable to these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-June/013898.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc9a3794\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-June/013910.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c090bf3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-June/013911.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14da1253\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openldap-servers-2.0.27-23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-devel / openldap-servers\");\n}\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:39:22", "bulletinFamily": "scanner", "description": "Howard Chu reports :\n\nAn ACL of the form ", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_AE7124FF547C11DB8F1A000A48049292.NASL", "href": "https://www.tenable.com/plugins/nessus/22519", "published": "2006-10-10T00:00:00", "title": "FreeBSD : openldap -- slapd acl selfwrite Security Issue (ae7124ff-547c-11db-8f1a-000a48049292)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22519);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:38\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_bugtraq_id(19832);\n script_xref(name:\"Secunia\", value:\"21721\");\n\n script_name(english:\"FreeBSD : openldap -- slapd acl selfwrite Security Issue (ae7124ff-547c-11db-8f1a-000a48049292)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Howard Chu reports :\n\nAn ACL of the form 'access to dn.subtree='ou=groups,\ndc=example,dc=com' attr=member by * selfwrite' is intended to only\nallow users to add/delete their own DN to the target attribute.\nCurrently it allows any DNs to be modified.\"\n );\n # http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0cb9c29a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.openldap.org/lists/openldap-announce/200608/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://securitytracker.com/alerts/2006/Sep/1016783.html\"\n );\n # https://vuxml.freebsd.org/freebsd/ae7124ff-547c-11db-8f1a-000a48049292.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ce9cea7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openldap-sasl-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openldap-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openldap-server<2.3.25\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openldap-sasl-server<2.3.25\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:15:06", "bulletinFamily": "scanner", "description": "A updated openldap packages that fix a security flaw is now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. (CVE-2006-4600)\n\nAll users are advised to upgrade to these updated openldap packages,\nwhich contain a backported patch to correct this issue.", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2007-0310.NASL", "href": "https://www.tenable.com/plugins/nessus/67049", "published": "2013-06-29T00:00:00", "title": "CentOS 4 : gdm / openldap (CESA-2007:0310)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0310 and \n# CentOS Errata and Security Advisory 2007:0310 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67049);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:03\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_xref(name:\"RHSA\", value:\"2007:0310\");\n\n script_name(english:\"CentOS 4 : gdm / openldap (CESA-2007:0310)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A updated openldap packages that fix a security flaw is now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. (CVE-2006-4600)\n\nAll users are advised to upgrade to these updated openldap packages,\nwhich contain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013703.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e78e9513\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013704.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc6d6290\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdm and / or openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"compat-openldap-2.1.30-7.4E\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"gdm-2.6.0.5-7.rhel4.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openldap-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openldap-clients-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openldap-devel-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openldap-servers-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openldap-servers-sql-2.2.13-7.4E\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / gdm / openldap / openldap-clients / etc\");\n}\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T03:14:09", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2007:0310 :\n\nA updated openldap packages that fix a security flaw is now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. (CVE-2006-4600)\n\nAll users are advised to upgrade to these updated openldap packages,\nwhich contain a backported patch to correct this issue.", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2007-0310.NASL", "href": "https://www.tenable.com/plugins/nessus/67484", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : openldap (ELSA-2007-0310)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0310 and \n# Oracle Linux Security Advisory ELSA-2007-0310 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67484);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:06\");\n\n script_cve_id(\"CVE-2006-4600\");\n script_xref(name:\"RHSA\", value:\"2007:0310\");\n\n script_name(english:\"Oracle Linux 4 : openldap (ELSA-2007-0310)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0310 :\n\nA updated openldap packages that fix a security flaw is now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. (CVE-2006-4600)\n\nAll users are advised to upgrade to these updated openldap packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-May/000152.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"compat-openldap-2.1.30-7.4E\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"compat-openldap-2.1.30-7.4E\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openldap-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openldap-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openldap-clients-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openldap-clients-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openldap-devel-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openldap-devel-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openldap-servers-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openldap-servers-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openldap-servers-sql-2.2.13-7.4E\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openldap-servers-sql-2.2.13-7.4E\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n}\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T03:29:42", "bulletinFamily": "scanner", "description": "A flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP", "modified": "2019-11-02T00:00:00", "id": "SL_20070611_OPENLDAP_ON_SL3.NASL", "href": "https://www.tenable.com/plugins/nessus/60201", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : openldap on SL3.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60201);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:17\");\n\n script_cve_id(\"CVE-2006-4600\");\n\n script_name(english:\"Scientific Linux Security Update : openldap on SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way OpenLDAP handled selfwrite access. Users\nwith selfwrite access were able to modify the distinguished name of\nany user. Users with selfwrite access should only be able to modify\ntheir own distinguished name. (CVE-2006-4600)\n\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function.\nAn application using this function could result in an Out Of Memory\n(OOM) condition, crashing the application.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=2125\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1085e39\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"openldap-2.0.27-23\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"openldap-clients-2.0.27-23\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"openldap-devel-2.0.27-23\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"openldap-servers-2.0.27-23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:40:17", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200711-23\n(VMware Workstation and Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in several VMware\n products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that\n the DHCP server contains an integer overflow vulnerability\n (CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and\n another error when handling malformed packets (CVE-2007-0061), leading\n to stack-based buffer overflows or stack corruption. Rafal Wojtczvk\n (McAfee) discovered two unspecified errors that allow authenticated\n users with administrative or login privileges on a guest operating\n system to corrupt memory or cause a Denial of Service (CVE-2007-4496,\n CVE-2007-4497). Another unspecified vulnerability related to untrusted\n virtual machine images was discovered (CVE-2007-5617).\n VMware products also shipped code copies of software with several\n vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT\n Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow\n (GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813,\n CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).\n \nImpact :\n\n Remote attackers within a guest system could possibly exploit these\n vulnerabilities to execute code on the host system with elevated\n privileges or to cause a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-200711-23.NASL", "href": "https://www.tenable.com/plugins/nessus/28262", "published": "2007-11-20T00:00:00", "title": "GLSA-200711-23 : VMware Workstation and Player: Multiple vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200711-23.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28262);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2004-0813\", \"CVE-2006-3619\", \"CVE-2006-4146\", \"CVE-2006-4600\", \"CVE-2007-0061\", \"CVE-2007-0062\", \"CVE-2007-0063\", \"CVE-2007-1716\", \"CVE-2007-4496\", \"CVE-2007-4497\", \"CVE-2007-5617\");\n script_xref(name:\"GLSA\", value:\"200711-23\");\n\n script_name(english:\"GLSA-200711-23 : VMware Workstation and Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200711-23\n(VMware Workstation and Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in several VMware\n products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that\n the DHCP server contains an integer overflow vulnerability\n (CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and\n another error when handling malformed packets (CVE-2007-0061), leading\n to stack-based buffer overflows or stack corruption. Rafal Wojtczvk\n (McAfee) discovered two unspecified errors that allow authenticated\n users with administrative or login privileges on a guest operating\n system to corrupt memory or cause a Denial of Service (CVE-2007-4496,\n CVE-2007-4497). Another unspecified vulnerability related to untrusted\n virtual machine images was discovered (CVE-2007-5617).\n VMware products also shipped code copies of software with several\n vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT\n Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow\n (GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813,\n CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).\n \nImpact :\n\n Remote attackers within a guest system could possibly exploit these\n vulnerabilities to execute code on the host system with elevated\n privileges or to cause a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200606-02\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200702-06\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200704-11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200705-15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200707-11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2007/000001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200711-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All VMware Workstation users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/vmware-workstation-5.5.5.56455'\n All VMware Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/vmware-player-1.0.5.56455'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:vmware-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:vmware-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/vmware-player\", unaffected:make_list(\"ge 1.0.5.56455\"), vulnerable:make_list(\"lt 1.0.5.56455\", \"eq 2.0.0.45731\"))) flag++;\nif (qpkg_check(package:\"app-emulation/vmware-workstation\", unaffected:make_list(\"ge 5.5.5.56455\"), vulnerable:make_list(\"lt 5.5.5.56455\", \"eq 6.0.0.45731\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"VMware Workstation and Player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:40", "bulletinFamily": "unix", "description": "\nHoward Chu reports:\n\nAn ACL of the form 'access to dn.subtree=\"ou=groups,\n\t dc=example,dc=com\" attr=member by * selfwrite' is intended\n\t to only allow users to add/delete their own DN to the\n\t target attribute. Currently it allows any DNs to be\n\t modified.\n\n", "modified": "2006-06-14T00:00:00", "published": "2006-06-14T00:00:00", "id": "AE7124FF-547C-11DB-8F1A-000A48049292", "href": "https://vuxml.freebsd.org/freebsd/ae7124ff-547c-11db-8f1a-000a48049292.html", "title": "openldap -- slapd acl selfwrite Security Issue", "type": "freebsd", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-02T21:10:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57460", "id": "OPENVAS:57460", "title": "FreeBSD Ports: openldap-server, openldap-sasl-server", "type": "openvas", "sourceData": "#\n#VID ae7124ff-547c-11db-8f1a-000a48049292\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n openldap-server openldap-sasl-server\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587\nhttp://www.openldap.org/lists/openldap-announce/200608/msg00000.html\nhttp://secunia.com/advisories/21721\nhttp://securitytracker.com/alerts/2006/Sep/1016783.html\nhttp://www.vuxml.org/freebsd/ae7124ff-547c-11db-8f1a-000a48049292.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57460);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-4600\");\n script_bugtraq_id(19832);\n script_tag(name:\"cvss_base\", value:\"2.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: openldap-server, openldap-sasl-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openldap-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.3.25\")<0) {\n txt += 'Package openldap-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"openldap-sasl-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.3.25\")<0) {\n txt += 'Package openldap-sasl-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:58", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200711-23.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=59243", "id": "OPENVAS:59243", "title": "Gentoo Security Advisory GLSA 200711-23 (vmware-workstation vmware-player)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"VMware guest operating systems might be able to execute arbitrary code with\nelevated privileges on the host operating system through multiple flaws.\";\ntag_solution = \"All VMware Workstation users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=app-emulation/vmware-workstation-5.5.5.56455'\n\nAll VMware Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=app-emulation/vmware-player-1.0.5.56455'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200711-23\nhttp://bugs.gentoo.org/show_bug.cgi?id=193196\nhttp://www.gentoo.org/security/en/glsa/glsa-200606-02.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200702-06.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200704-11.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200705-15.xml\nhttp://www.gentoo.org/security/en/glsa/glsa-200707-11.xml\nhttp://lists.vmware.com/pipermail/security-announce/2007/000001.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200711-23.\";\n\n \n\nif(description)\n{\n script_id(59243);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2004-0813\", \"CVE-2006-3619\", \"CVE-2006-4146\", \"CVE-2006-4600\", \"CVE-2007-0061\", \"CVE-2007-0062\", \"CVE-2007-0063\", \"CVE-2007-1716\", \"CVE-2007-4496\", \"CVE-2007-4497\", \"CVE-2007-5617\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200711-23 (vmware-workstation vmware-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-emulation/vmware-workstation\", unaffected: make_list(\"rge 5.5.5.56455\", \"ge 6.0.1.55017\"), vulnerable: make_list(\"lt 6.0.1.55017\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-emulation/vmware-player\", unaffected: make_list(\"rge 1.0.5.56455\", \"ge 2.0.1.55017\"), vulnerable: make_list(\"lt 2.0.1.55017\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-05-29T18:34:05", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0430\n\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access \r\nProtocol) applications, libraries and development tools.\r\n\r\nA flaw was found in the way OpenLDAP handled selfwrite access. Users with\r\nselfwrite access were able to modify the distinguished name of any user.\r\nUsers with selfwrite access should only be able to modify their own\r\ndistinguished name. (CVE-2006-4600)\r\n\r\nA memory leak bug was found in OpenLDAP's ldap_start_tls_s() function. An\r\napplication using this function could result in an Out Of Memory (OOM)\r\ncondition, crashing the application.\r\n\r\nAll users are advised to upgrade to this updated openldap package, \r\nwhich contains a backported fix and is not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013898.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013904.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013910.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013911.html\n\n**Affected packages:**\nopenldap\nopenldap-clients\nopenldap-devel\nopenldap-servers\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0430.html", "modified": "2007-06-12T20:11:02", "published": "2007-06-11T21:07:22", "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/013898.html", "id": "CESA-2007:0430", "title": "openldap security update", "type": "centos", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0310\n\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\r\nProtocol) applications and development tools.\r\n\r\nA flaw was found in the way OpenLDAP handled selfwrite access. Users with\r\nselfwrite access were able to modify the distinguished name of any user.\r\n(CVE-2006-4600)\r\n\r\nAll users are advised to upgrade to these updated openldap packages, which\r\ncontain a backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013703.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013704.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/013725.html\n\n**Affected packages:**\ncompat-openldap\ngdm\nopenldap\nopenldap-clients\nopenldap-devel\nopenldap-servers\nopenldap-servers-sql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0310.html", "modified": "2007-05-04T22:43:47", "published": "2007-05-02T08:52:57", "href": "http://lists.centos.org/pipermail/centos-announce/2007-May/013703.html", "id": "CESA-2007:0310", "title": "compat, gdm, openldap security update", "type": "centos", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 2.3.25 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.openldap.org/\nVendor Specific News/Changelog Entry: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-667)\n[Secunia Advisory ID:22219](https://secuniaresearch.flexerasoftware.com/advisories/22219/)\n[Secunia Advisory ID:25676](https://secuniaresearch.flexerasoftware.com/advisories/25676/)\n[Secunia Advisory ID:21721](https://secuniaresearch.flexerasoftware.com/advisories/21721/)\n[Secunia Advisory ID:22273](https://secuniaresearch.flexerasoftware.com/advisories/22273/)\n[Secunia Advisory ID:22300](https://secuniaresearch.flexerasoftware.com/advisories/22300/)\n[Secunia Advisory ID:25628](https://secuniaresearch.flexerasoftware.com/advisories/25628/)\n[Secunia Advisory ID:25894](https://secuniaresearch.flexerasoftware.com/advisories/25894/)\n[Secunia Advisory ID:26909](https://secuniaresearch.flexerasoftware.com/advisories/26909/)\n[Secunia Advisory ID:27706](https://secuniaresearch.flexerasoftware.com/advisories/27706/)\n[Secunia Advisory ID:25098](https://secuniaresearch.flexerasoftware.com/advisories/25098/)\nRedHat RHSA: RHSA-2007:0203\nRedHat RHSA: RHSA-2007:0430\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-232.htm\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:171\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200711-23.xml\nOther Advisory URL: http://www.trustix.org/errata/2006/0055/\n[CVE-2006-4600](https://vulners.com/cve/CVE-2006-4600)\nBugtraq ID: 19832\n", "modified": "2006-06-13T07:49:16", "published": "2006-06-13T07:49:16", "href": "https://vulners.com/osvdb/OSVDB:28464", "id": "OSVDB:28464", "type": "osvdb", "title": "OpenLDAP slapd selfwrite Arbitrary DN Modification", "cvss": {"score": 2.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:39", "bulletinFamily": "unix", "description": " [2.3.13-7.4E]\n - include the -selfwrite patch to close\n Resolves: rhbz#205826: CVE-2006-4600 openldap improper selfwrite access ", "modified": "2007-05-17T00:00:00", "published": "2007-05-17T00:00:00", "id": "ELSA-2007-0310", "href": "http://linux.oracle.com/errata/ELSA-2007-0310.html", "title": "Low: openldap security update ", "type": "oraclelinux", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:44", "bulletinFamily": "unix", "description": "### Background\n\nVMware Workstation is a virtual machine for developers and system administrators. VMware Player is a freeware virtualization software that can run guests produced by other VMware products. \n\n### Description\n\nMultiple vulnerabilities have been discovered in several VMware products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that the DHCP server contains an integer overflow vulnerability (CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and another error when handling malformed packets (CVE-2007-0061), leading to stack-based buffer overflows or stack corruption. Rafal Wojtczvk (McAfee) discovered two unspecified errors that allow authenticated users with administrative or login privileges on a guest operating system to corrupt memory or cause a Denial of Service (CVE-2007-4496, CVE-2007-4497). Another unspecified vulnerability related to untrusted virtual machine images was discovered (CVE-2007-5617). \n\nVMware products also shipped code copies of software with several vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow (GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813, CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146). \n\n### Impact\n\nRemote attackers within a guest system could possibly exploit these vulnerabilities to execute code on the host system with elevated privileges or to cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll VMware Workstation users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/vmware-workstation-5.5.5.56455\"\n\nAll VMware Player users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/vmware-player-1.0.5.56455\"", "modified": "2008-04-16T00:00:00", "published": "2007-11-18T00:00:00", "id": "GLSA-200711-23", "href": "https://security.gentoo.org/glsa/200711-23", "type": "gentoo", "title": "VMware Workstation and Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:23", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\n- - -------------------------------------------------------------------\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2007-0006\r\nSynopsis: Critical security updates for all supported\r\n versions of VMware ESX Server, VMware Server,\r\n VMware Workstation, VMware ACE, and\r\n VMware Player\r\n\r\nIssue date: 2007-09-18\r\nUpdated on: 2007-09-18\r\n\r\nCVE numbers: CVE-2007-2446 CVE-2007-2447 CVE-2007-0494\r\n CVE-2007-2442 CVE-2007-2443 CVE-2007-2798\r\n CVE-2007-0061 CVE-2007-0062 CVE-2007-0063\r\n CVE-2007-4059 CVE-2007-4155 CVE-2007-4496\r\n CVE-2007-4497 CVE-2007-1856 CVE-2006-1174\r\n CVE-2006-4600 CVE-2004-0813 CVE-2007-1716\r\n CVE-2006-3619 CVE-2006-4146\r\n- - -------------------------------------------------------------------\r\n\r\n1. Summary:\r\n\r\nUpdated versions of all supported hosted products and all ESX 2x\r\nproducts and patches for ESX 30x address critical security updates.\r\n\r\nService Console security updates for samba, bind, krb5, vixie-cron,\r\nshadow-utils, openldap, pam, gcc, and gdb packages.\r\n\r\n2. Relevant releases:\r\n\r\nVMware Workstation 6.0.0\r\nVMware Player 2.0.0\r\nVMware ACE 2.0.0\r\n\r\nVMware Workstation prior to 5.5.5\r\nVMware Player prior to 1.0.5\r\nVMware Server prior to 1.0.4\r\nVMware ACE prior to 1.0.4\r\n\r\nVMware ESX 3.0.2 without patches ESX-1001725 ESX-1001731 ESX-1001726\r\n ESX-1001727 ESX-1001728 ESX-1001729\r\n ESX-1001730\r\n\r\nVMware ESX 3.0.1 without patches ESX-8258730 ESX-1001213 ESX-1001691\r\n ESX-1001723 ESX-1001214 ESX-1001692\r\n ESX-1001693 ESX-1001694 ESX-8253547\r\n ESX-8567382\r\n\r\nVMware ESX 3.0.0 without patches ESX-4809553 ESX-1001204 ESX-1001206\r\n ESX-1001212 ESX-1001205 ESX-1001207\r\n ESX-1001208 ESX-1001209 ESX-1001210\r\n ESX-1001211\r\n\r\nVMware ESX 2.5.4 prior to upgrade patch 10 &#40;Build# 53326&#41;\r\nVMware ESX 2.5.3 prior to upgrade patch 13 &#40;Build# 52488&#41;\r\nVMware ESX 2.1.3 prior to upgrade patch 8 &#40;Build# 53228&#41;\r\nVMware ESX 2.0.2 prior to upgrade patch 8 &#40;Build# 52650&#41;\r\n\r\n3. Problem description:\r\n\r\nProblems addressed by these patches:\r\n\r\nI Arbitrary code execution and denial of service vulnerabilities\r\n\r\n This release fixes a security vulnerability that could allow a\r\n guest operating system user with administrative privileges to cause\r\n memory corruption in a host process, and thus potentially execute\r\n arbitrary code on the host. &#40;CVE-2007-4496&#41;\r\n\r\n This release fixes a denial of service vulnerability that could\r\n allow a guest operating system to cause a host process to become\r\n unresponsive or exit unexpectedly. &#40;CVE-2007-4497&#41;\r\n\r\n Thanks to Rafal Wojtczvk of McAfee for identifying and reporting\r\n these issues.\r\n\r\n ESX\r\n ---\r\n VMware ESX 3.0.1 Download Patch Bundle ESX-8258730\r\n http://www.vmware.com/support/vi3/doc/esx-8258730-patch.html\r\n md5sum a06d0e36e403b0fe6bc6fbc76220a86d\r\n\r\n VMware ESX 3.0.0 Download Patch Bundle ESX-4809553\r\n http://www.vmware.com/support/vi3/doc/esx-4809553-patch.html\r\n md5sum cd363526aab5fa6c45bf2509cb5ae500\r\n\r\n NOTE: ESX 3.0.0 is nearing its End-of-life &#40;10/05/2007&#41; users\r\n should upgrade to at least 3.0.1 and preferably the newest\r\n release available.\r\n\r\n VMware ESX 2.5.4 upgrade to patch 10 &#40;Build# 53326&#41;\r\n VMware ESX 2.5.3 upgrade to patch 13 &#40;Build# 52488&#41;\r\n VMware ESX 2.1.3 upgrade to patch 8 &#40;Build# 53228&#41;\r\n VMware ESX 2.0.2 upgrade to patch 8 &#40;Build# 52650&#41;\r\n\r\n NOTE: ESX 3.0.2 is not affected by this issue\r\n\r\n Hosted products\r\n ---------------\r\n VMware Workstation 6.0.0 upgrade to version 6.0.1 &#40;Build# 55017&#41;\r\n VMware Workstation 5.5.4 upgrade to version 5.5.5 &#40;Build# 56455&#41;\r\n VMware Player 2.0.0 upgrade to version 2.0.1 &#40;Build# 55017&#41;\r\n VMware Player 1.0.4 upgrade to version 1.0.5 &#40;Build# 56455&#41;\r\n VMware Server 1.0.3 upgrade to version 1.0.4 &#40;Build# 56528&#41;\r\n VMware ACE 2.0.0 upgrade to version 2.0.1 &#40;Build# 55017&#41;\r\n VMware ACE 1.0.3 upgrade to version 1.0.4 &#40;Build# 54075&#41;\r\n\r\nII Hosted products DHCP security vulnerabilities addressed\r\n\r\n This release fixes several vulnerabilities in the DHCP server\r\n that could enable a specially crafted packets to gain system-level\r\n privileges. &#40;CVE-2007-0061, CVE-2007-0062, CVE-2007-0063&#41;\r\n\r\n Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security\r\n Systems X-Force for discovering and researching these\r\n vulnerabilities.\r\n\r\n Hosted products\r\n ---------------\r\n VMware Workstation 6.0.0 upgrade to version 6.0.1 &#40;Build# 55017&#41;\r\n VMware Workstation 5.5.4 upgrade to version 5.5.5 &#40;Build# 56455&#41;\r\n VMware Player 2.0.0 upgrade to version 2.0.1 &#40;Build# 55017&#41;\r\n VMware Player 1.0.4 upgrade to version 1.0.5 &#40;Build# 56455&#41;\r\n VMware Server 1.0.3 upgrade to version 1.0.4 &#40;Build# 56528&#41;\r\n VMware ACE 2.0.0 upgrade to version 2.0.1 &#40;Build# 55017&#41;\r\n VMware ACE 1.0.3 upgrade to version 1.0.4 &#40;Build# 54075&#41;\r\n\r\nIII Windows based hosted product vulnerability in\r\n IntraProcessLogging.dll and vielib.dll.\r\n\r\n This release fixes a security vulnerability that could allow a\r\n malicious remote user to exploit the library file\r\n IntraProcessLogging.dll to overwrite files in a system.\r\n &#40;CVE-2007-4059&#41;\r\n\r\n This release fixes a security vulnerability that could allow a\r\n malicious remote user to exploit the library file vielib.dll to\r\n overwrite files in a system. &#40;CVE-2007-4155&#41;\r\n\r\n Thanks to the Goodfellas Security Research Team for discovering and\r\n researching these vulnerabilities.\r\n\r\n Hosted products\r\n ---------------\r\n VMware Workstation 6.0.0 upgrade to version 6.0.1 &#40;Build# 55017&#41;\r\n VMware Workstation 5.5.4 upgrade to version 5.5.5 &#40;Build# 56455&#41;\r\n VMware Player 2.0.0 upgrade to version 2.0.1 &#40;Build# 55017&#41;\r\n VMware Player 1.0.4 upgrade to version 1.0.5 &#40;Build# 56455&#41;\r\n VMware Server 1.0.3 upgrade to version 1.0.4 &#40;Build# 56528&#41;\r\n VMware ACE 2.0.0 upgrade to version 2.0.1 &#40;Build# 55017&#41;\r\n VMware ACE 1.0.3 upgrade to version 1.0.4 &#40;Build# 54075&#41;\r\n\r\n\r\nIV Escalation of privileges on Windows hosted systems\r\n\r\n This release fixes a security vulnerability in which Workstation\r\n was starting registered Windows services in an insecure manner.\r\n This vulnerability could allow a malicious user to escalate user\r\n privileges.\r\n\r\n Thanks to Foundstone for discovering this vulnerability.\r\n\r\n Hosted products\r\n ---------------\r\n VMware Workstation 6.0.0 upgrade to version 6.0.1 &#40;Build# 55017&#41;\r\n VMware Workstation 5.5.4 upgrade to version 5.5.5 &#40;Build# 56455&#41;\r\n VMware Player 2.0.0 upgrade to version 2.0.1 &#40;Build# 55017&#41;\r\n VMware Player 1.0.4 upgrade to version 1.0.5 &#40;Build# 56455&#41;\r\n VMware Server 1.0.3 upgrade to version 1.0.4 &#40;Build# 56528&#41;\r\n VMware ACE 2.0.0 upgrade to version 2.0.1 &#40;Build# 55017&#41;\r\n VMware ACE 1.0.3 upgrade to version 1.0.4 &#40;Build# 54075&#41;\r\n\r\nV Potential denial of service using VMware Player\r\n\r\n This release fixes a problem that prevented VMware Player from\r\n launching. This problem was accompanied by the error message VMware\r\n Player unrecoverable error: &#40;player&#41; Exception 0xc0000005 &#40;access\r\n violation&#41; has occurred.\r\n\r\n Hosted products\r\n ---------------\r\n VMware Player 2.0.0 upgrade to version 2.0.1 &#40;Build# 55017&#41;\r\n VMware Player 1.0.4 upgrade to version 1.0.5 &#40;Build# 56455&#41;\r\n\r\nVI ESX Service Console updates\r\n\r\na. Service console package Samba, has been updated to address the\r\n following issues:\r\n\r\n Various bugs were found in NDR parsing, used to decode MS-RPC\r\n requests in Samba. A remote attacker could have sent carefully\r\n crafted requests causing a heap overflow, which may have led to the\r\n ability to execute arbitrary code on the server. &#40;CVE-2007-2446&#41;\r\n\r\n Unescaped user input parameters were being passed as arguments to\r\n /bin/sh. A remote, authenticated, user could have triggered this\r\n flaw and executed arbitrary code on the server. Additionally, this\r\n flaw could be triggered by a remote unauthenticated user if Samba\r\n was configured to use the non-default username map script option.\r\n &#40;CVE-2007-2447&#41;\r\n\r\n Thanks to the Samba developers, TippingPoint, and iDefense for\r\n identifying and reporting these issues.\r\n\r\n Note: These issues only affect the service console network, and are\r\n not remote vulnerabilities for ESX Server hosts that have been set\r\n up with the security best practices provided by VMware.\r\n http://www.vmware.com/resources/techresources/726\r\n\r\n ESX\r\n ---\r\n VMware ESX 3.0.1 Download Patch Bundle ESX-1001213\r\n http://www.vmware.com/support/vi3/doc/esx-1001213-patch.html\r\n md5sum 4e942e5b47f90654696910fb8b10b144\r\n\r\n VMware ESX 3.0.0 Download Patch Bundle ESX-1001204\r\n http://www.vmware.com/support/vi3/doc/esx-1001204-patch.html\r\n md5sum 08bfdec038ea900c72f04e8d50b2db62\r\n\r\n NOTE: ESX 3.0.0 is nearing its End-of-life &#40;10/05/2007&#41; users\r\n should upgrade to at least 3.0.1 and preferably the newest\r\n release available\r\n\r\n VMware ESX 2.5.4 prior to upgrade patch 10 &#40;Build# 53326&#41;\r\n VMware ESX 2.5.3 prior to upgrade patch 13 &#40;Build# 52488&#41;\r\n VMware ESX 2.1.3 prior to upgrade patch 8 &#40;Build# 53228&#41;\r\n VMware ESX 2.0.2 prior to upgrade patch 8 &#40;Build# 52650&#41;\r\n\r\n NOTE: ESX 3.0.2 is not affected by this issue\r\n\r\nb. Updated bind package for the service console fixes a flaw with the\r\n way ISC BIND processed certain DNS query responses.\r\n\r\n ISC BIND &#40;Berkeley Internet Name Domain&#41; is an implementation of\r\n the DNS &#40;Domain Name System&#41; protocols. Under some circumstances, a\r\n malicious remote user could launch a Denial-of-Service attack on\r\n ESX Server hosts that had enabled DNSSEC validation.\r\n &#40;CVE-2007-0494&#41;\r\n\r\n Note: These issues only affect the service console network, and are\r\n not remote vulnerabilities for ESX Server hosts that have been set\r\n up with the security best practices provided by VMware.\r\n http://www.vmware.com/resources/techresources/726\r\n\r\n ESX\r\n ---\r\n VMware ESX 3.0.2 Download Patch Bundle ESX-1001725\r\n http://www.vmware.com/support/vi3/doc/esx-1001725-patch.html\r\n md5sum 75aa49eecec2e84eb41a4c26683d4c7a\r\n\r\n VMware ESX 3.0.1 Download Patch Bundle ESX-1001691\r\n http://www.vmware.com/support/vi3/doc/esx-1001691-patch.html\r\n md5sum e288a71c4953aa6724ce53879c663f81\r\n\r\n VMware ESX 3.0.0 Download Patch Bundle ESX-1001206\r\n http://www.vmware.com/support/vi3/doc/esx-1001206-patch.html\r\n md5sum bd552eb70624164067039525941ce82a\r\n\r\n NOTE: ESX 3.0.0 is nearing its End-of-life &#40;10/05/2007&#41; users\r\n should upgrade to at least 3.0.1 and preferably the newest\r\n release available\r\n\r\n VMware ESX 2.5.4 prior to upgrade patch 10 &#40;Build# 53326&#41;\r\n VMware ESX 2.5.3 prior to upgrade patch 13 &#40;Build# 52488&#41;\r\n VMware ESX 2.1.3 prior to upgrade patch 8 &#40;Build# 53228&#41;\r\n VMware ESX 2.0.2 prior to upgrade patch 8 &#40;Build# 52650&#41;\r\n\r\nc. This patch provides updated service console package krb5 update.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n assigned the names CVE-2007-2442, CVE-2007-2443, and CVE-2007-2798\r\n to these security issues.\r\n\r\n Thanks to Wei Wang of McAfee Avert Labs discovered these\r\n vulnerabilities.\r\n\r\n Note: The VMware service console does not provide the kadmind\r\n binary, and is not affected by these issues, but a update has been\r\n provided for completeness.\r\n\r\n ESX\r\n ---\r\n VMware ESX 3.0.2 Download Patch Bundle ESX-1001731\r\n http://www.vmware.com/support/vi3/doc/esx-1001731-patch.html\r\n md5sum c349b83065f5b06cee34bae90a5a01b3\r\n\r\n VMware ESX 3.0.1 Download Patch Bundle ESX-1001723\r\n http://www.vmware.com/support/vi3/doc/esx-1001723-patch.html\r\n md5sum 9a31d1718d6c063cf978305b84637c40\r\n\r\n VMware ESX 3.0.0 Download Patch Bundle ESX-1001212\r\n http://www.vmware.com/support/vi3/doc/esx-1001212-patch.html\r\n md5sum 2bc08369d3410fa59d353e45830ae9f5\r\n\r\n NOTE: ESX 3.0.0 is nearing its End-of-life &#40;10/05/2007&#41; users\r\n should upgrade to at least 3.0.1 and preferably the newest\r\n release available\r\n\r\n VMware ESX 2.5.4 prior to upgrade patch 10 &#40;Build# 53326&#41;\r\n VMware ESX 2.5.3 prior to upgrade patch 13 &#40;Build# 52488&#41;\r\n VMware ESX 2.1.3 prior to upgrade patch 8 &#40;Build# 53228&#41;\r\n VMware ESX 2.0.2 prior to upgrade patch 8 &#40;Build# 52650&#41;\r\n\r\nd. Service console update for vixie-cron\r\n\r\n This patch provides an updated service console package vixie-cron.\r\n Cron is a standard UNIX daemon that runs specified programs at\r\n scheduled times.\r\n\r\n A denial of service issue was found in the way vixie-cron verified\r\n crontab file integrity. A local user with the ability to create a\r\n hardlink to /etc/crontab could potentially prevent vixie-cron from\r\n executing certain system cron jobs. &#40;CVE-2007-1856&#41;\r\n\r\n Thanks to Raphael Marichez for identifying this issue.\r\n\r\n ESX\r\n ---\r\n VMware ESX 3.0.1 Download Patch Bundle ESX-1001214\r\n http://www.vmware.com/support/vi3/doc/esx-1001214-patch.html\r\n md5sum 1e63db1cc7605830b16306a35bccd878\r\n\r\n VMware ESX 3.0.0 Download Patch Bundle ESX-1001205\r\n http://www.vmware.com/support/vi3/doc/esx-1001205-patch.html\r\n md5sum e6b818cf885d5fd5f93d33b27051df83\r\n\r\n NOTE: ESX 3.0.0 is nearing its End-of-life &#40;10/05/2007&#41; users\r\n should upgrade to at least 3.0.1 and preferably the newest\r\n release available\r\n\r\n NOTE: ESX 3.0.2 and ESX 2.x are not affected by this issue.\r\n\r\ne. Service console update for shadow-utils\r\n\r\n This patch provides an updated shadow-utils package. A new\r\n user&#39;s mailbox, when created, could have random permissions for a\r\n short period. This could enable a local malicious user to\r\n read or modify the mailbox. &#40;CVE-2006-1174&#41;\r\n\r\n ESX\r\n ---\r\n VMware ESX 3.0.2 Download Patch Bundle ESX-1001726\r\n http://www.vmware.com/support/vi3/doc/esx-1001726-patch.html\r\n md5sum ac55c65ddc2142a292648765e9dcb583\r\n\r\n VMware ESX 3.0.1 Download Patch Bundle ESX-1001692\r\n http://www.vmware.com/support/vi3/doc/esx-1001692-patch.html\r\n md5sum 27edbac467107cc1fe6c78a839ce2144\r\n\r\n VMware ESX 3.0.0 Download Patch Bundle ESX-1001207\r\n http://www.vmware.com/support/vi3/doc/esx-1001207-patch.html\r\n md5sum acad9bce49ac9398ab1ee502980b49cb\r\n\r\n NOTE: ESX 3.0.0 is nearing its End-of-life &#40;10/05/2007&#41; users\r\n should upgrade to at least 3.0.1 and preferably the newest\r\n release available\r\n\r\nf. Service console update for OpenLDAP\r\n\r\n This patch provides a updated OpenLDAP package. A flaw could\r\n allow users with selfwrite access to modify the distinguished\r\n name of any user, instead of being limited to modify only\r\n their own distinguished name. &#40;CVE-2006-4600&#41;\r\n\r\n ESX\r\n ---\r\n VMware ESX 3.0.2 Download Patch Bundle ESX-1001727\r\n http://www.vmware.com/support/vi3/doc/esx-1001727-patch.html\r\n md5sum bd137cbf65b20dae3aaf422a559f92a1\r\n\r\n VMware ESX 3.0.1 Download Patch Bundle ESX-1001693\r\n http://www.vmware.com/support/vi3/doc/esx-1001693-patch.html\r\n md5sum a11191b59761b6afb68ea73e9e6456d0\r\n\r\n VMware ESX 3.0.0 Download Patch Bundle ESX-1001208\r\n http://www.vmware.com/support/vi3/doc/esx-1001208-patch.html\r\n md5sum f3e26b66682191e024a9b094a063837f\r\n\r\n NOTE: ESX 3.0.0 is nearing its End-of-life &#40;10/05/2007&#41; users\r\n should upgrade to at least 3.0.1 and preferably the newest\r\n release available\r\n\r\n NOTE: ESX 2.x doesen&#39;t ship OpenLDAP\r\n\r\ng. Service console update for PAM\r\n\r\n This patch provides an updated PAM package A vulnerability was\r\n found that could allow console users with access to certain device\r\n files to cause damage to recordable CD drives. Certain file\r\n permissions have now been modified to disallow access.\r\n &#40;CVE-2004-0813&#41;\r\n\r\n A flaw was found with console device permissions. It was possible\r\n for various console devices to retain ownership of the previoius\r\n console user after logging out, which could result in leakage of\r\n information to an unauthorized user. &#40;CVE-2007-1716&#41;\r\n\r\n ESX\r\n ---\r\n VMware ESX 3.0.2 Download Patch Bundle ESX-1001728\r\n http://www.vmware.com/support/vi3/doc/esx-1001728-patch.html\r\n md5sum a33f0cc5b1cfc68683c4d8643c52775c\r\n\r\n VMware ESX 3.0.1 Download Patch Bundle ESX-1001694\r\n http://www.vmware.com/support/vi3/doc/esx-1001694-patch.html\r\n md5sum 6ce5d882d6fe9e714ce48f719cefb182\r\n\r\n VMware ESX 3.0.0 Download Patch Bundle ESX-1001209\r\n http://www.vmware.com/support/vi3/doc/esx-1001209-patch.html\r\n md5sum 1c7adad00a20f9e7ba1fbe1663ad4d66\r\n\r\n NOTE: ESX 3.0.0 is nearing its End-of-life &#40;10/05/2007&#41; users\r\n should upgrade to at least 3.0.1 and preferably the newest\r\n release available\r\n\r\nh. Service console update for GCC\r\n\r\n This patch provides security fixes for the service console GNU\r\n Compiler Collection &#40;GCC&#41; packages that include C, C++, Java,\r\n Fortran 77, Objective C, and Ada 95 GNU compilers and related\r\n support libraries.\r\n\r\n A flaw was found in the fastjar utility that could potentially\r\n allow a malicious user to create a JAR file which, if unpacked\r\n using fastjar, could write to any file that an authorized user had\r\n write access to. &#40;CVE-2006-3619&#41;\r\n\r\n Thanks to J&#252;rgen Weigert for identifying this issue.\r\n\r\n ESX\r\n ---\r\n VMware ESX 3.0.2 Download Patch Bundle ESX-1001729\r\n http://www.vmware.com/support/vi3/doc/esx-1001729-patch.html\r\n md5sum 1b2d32dc805971703bb2c8c047c6144a\r\n\r\n VMware ESX 3.0.1 Download Patch Bundle ESX-8253547\r\n http://www.vmware.com/support/vi3/doc/esx-8253547-patch.html\r\n md5sum 90702b54fb6197a6680f141ad8c435fa\r\n\r\n VMware ESX 3.0.0 Download Patch Bundle ESX-1001210\r\n http://www.vmware.com/support/vi3/doc/esx-1001210-patch.html\r\n md5sum c1fb76ac529966bf65cc98cc5e5e88bb\r\n\r\n NOTE: ESX 3.0.0 is nearing its End-of-life &#40;10/05/2007&#41; users\r\n should upgrade to at least 3.0.1 and preferably the newest\r\n release available\r\n\r\ni. Service Console update for GDB\r\n\r\n This patch provides a security fix for the service console GNU\r\n debugger &#40;GDB&#41;. Various vulnerabilities were found in GDB. These\r\n vulnerabilities may allow a malicious user to deceive a user into\r\n loading debugging information into GDB, enabling the execution of\r\n arbitrary code with the privileges of the user. &#40;CVE-2006-4146&#41;\r\n\r\n ESX\r\n ---\r\n VMware ESX 3.0.2 Download Patch Bundle ESX-1001730\r\n http://www.vmware.com/support/vi3/doc/esx-1001730-patch.html\r\n md5sum 7f91450c665065c9998a635bbe4c42db\r\n\r\n VMware ESX 3.0.1 Download Patch Bundle ESX-8567382\r\n http://www.vmware.com/support/vi3/doc/esx-8567382-patch.html\r\n md5sum 230a7c7ceec8bd581110ef9303a480fc\r\n\r\n VMware ESX 3.0.0 Download Patch Bundle ESX-1001211\r\n http://www.vmware.com/support/vi3/doc/esx-1001211-patch.html\r\n md5sum 3f30f6a1a28e6ff4c10d5e44864d327e\r\n\r\n NOTE: ESX 3.0.0 is nearing its End-of-life &#40;10/05/2007&#41; users\r\n should upgrade to at least 3.0.1 and preferably the newest\r\n release available\r\n\r\n4. Solution:\r\n\r\nPlease review the Patch notes for your product and version and verify\r\nthe md5sum of your downloaded file.\r\n\r\n ESX 3.0.1, ESX 3.0.0 patches and md5sums are listed in the\r\n above sections\r\n\r\n ESX 2.5.4\r\n http://www.vmware.com/support/esx25/doc/esx-254-200708-patch.html\r\n md5sum 8f29f906e0f3c8605a203f914f36b3d1\r\n\r\n ESX 2.5.3\r\n http://www.vmware.com/support/esx25/doc/esx-253-200708-patch.html\r\n md5sum 32ba19deb7af268ab357710145f8659b\r\n\r\n NOTE: ESX 2.5.3 is nearing its End-of-life &#40;10/05/2007&#41; users\r\n should upgrade to at least 2.5.4 and preferably the newest\r\n release available.\r\n\r\n ESX 2.1.3\r\n http://www.vmware.com/support/esx21/doc/esx-213-200708-patch.html\r\n md5sum 32f9f87a99c5c801dd61492a9d91dfe2\r\n\r\n NOTE: ESX 2.1.3 is nearing its End-of-life &#40;12/15/2007&#41; users\r\n should upgrade to at least 2.5.4 and preferably the newest\r\n release available.\r\n\r\n ESX 2.0.2\r\n http://www.vmware.com/support/esx2/doc/esx-202-200708-patch.html\r\n md5sum f36bb75b51f79e4ba2a2f01a71c3bb08\r\n\r\n NOTE: ESX 2.0.2 is nearning its End-of-life &#40;12/15/2007&#41; users\r\n should upgrade to at least 2.5.4 and preferably the newest\r\n release available.\r\n\r\n Workstation 6.0.1\r\n -----------------\r\n http://www.vmware.com/download/ws/\r\n\r\n Windows release notes:\r\n http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\r\n Linux release notes:\r\n http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\r\n\r\n Workstation 5.5.5\r\n -----------------\r\n http://www.vmware.com/download/ws/ws5.html\r\n\r\n Windows release notes:\r\n http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\r\n Linux release notes:\r\n http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\r\n\r\n Server 1.0.4\r\n ------------\r\n http://www.vmware.com/download/server/\r\n Release notes:\r\n http://www.vmware.com/support/server/doc/releasenotes_server.html\r\n\r\n ACE 2.0.1 and 1.0.4\r\n -------------------\r\n http://www.vmware.com/download/ace/\r\n\r\n Windows Release notes:\r\n http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\r\n\r\n Player 2.0.1 and 1.0.5\r\n ----------------------\r\n http://www.vmware.com/download/player/\r\n\r\n Release notes Player 1.x:\r\n http://www.vmware.com/support/player/doc/releasenotes_player.html\r\n Release notes Player 2.0\r\n http://www.vmware.com/support/player2/doc/releasenotes_player2.html\r\n\r\n5. References:\r\n\r\n CVE numbers\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0061\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0063\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4059\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4155\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4496\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4497\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1856\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0813\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146\r\n\r\n\r\n- - -------------------------------------------------------------------\r\n6. Contact:\r\n\r\nE-mail list for product security notifications and announcements:\r\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\nThis Security Advisory is posted to the following lists:\r\n\r\n * security-announce@lists.vmware.com\r\n * bugtraq@securityfocus.com\r\n * full-disclosure@lists.grok.org.uk\r\n\r\nE-mail: security@vmware.com\r\n\r\nhttp://www.vmware.com/security\r\n\r\nVMware Security Response Policy\r\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\r\n\r\nGeneral Support Lifecycle Policy\r\nhttp://www.vmware.com/support/policies/eos.html\r\n\r\nVMware Infrastructure Support Life Cycle Policy\r\nhttp://www.vmware.com/support/policies/eos_vi.html\r\n\r\nCopyright 2007 VMware Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFG8depS2KysvBH1xkRCLHoAJ9sJyVIqG7nGjbLlCo1d7ogan7SQwCcC6Wj\r\nng+NNXJenc6G4YXR0xce8U4=\r\n=ElrO\r\n-----END PGP SIGNATURE-----", "modified": "2007-09-21T00:00:00", "published": "2007-09-21T00:00:00", "id": "SECURITYVULNS:DOC:18039", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18039", "title": "VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2019-11-06T16:05:54", "bulletinFamily": "unix", "description": " \nProblems addressed by these patches: \n \nI Arbitrary code execution and denial of service vulnerabilities \n \nThis release fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. (CVE-2007-4496) \n \nThis release fixes a denial of service vulnerability that could allow a guest operating system to cause a host process to become unresponsive or exit unexpectedly. (CVE-2007-4497) \n \nThanks to Rafal Wojtczvk of McAfee for identifying and reporting \nthese issues. \n \nESX \n\\--- \nVMware ESX 3.0.1 Download Patch Bundle ESX-8258730 \n[www.vmware.com/support/vi3/doc/esx-8258730-patch.html](<http://www.vmware.com/support/vi3/doc/esx-8258730-patch.html>) \nmd5sum a06d0e36e403b0fe6bc6fbc76220a86d \n \nVMware ESX 3.0.0 Download Patch Bundle ESX-4809553 \n[www.vmware.com/support/vi3/doc/esx-4809553-patch.html](<http://www.vmware.com/support/vi3/doc/esx-4809553-patch.html>) \nmd5sum cd363526aab5fa6c45bf2509cb5ae500 \n \nNOTE: ESX 3.0.0 is nearing its End-of-life (10/05/2007) users \nshould upgrade to at least 3.0.1 and preferably the newest \nrelease available. \n \nVMware ESX 2.5.4 upgrade to patch 10 (Build# 53326) \nVMware ESX 2.5.3 upgrade to patch 13 (Build# 52488) \nVMware ESX 2.1.3 upgrade to patch 8 (Build# 53228) \nVMware ESX 2.0.2 upgrade to patch 8 (Build# 52650) \n \nNOTE: ESX 3.0.2 is not affected by this issue \n \nHosted products \n\\--------------- \nVMware Workstation 6.0.0 upgrade to version 6.0.1 (Build# 55017) \nVMware Workstation 5.5.4 upgrade to version 5.5.5 (Build# 56455) \nVMware Player 2.0.0 upgrade to version 2.0.1 (Build# 55017) \nVMware Player 1.0.4 upgrade to version 1.0.5 (Build# 56455) \nVMware Server 1.0.3 upgrade to version 1.0.4 (Build# 56528) \nVMware ACE 2.0.0 upgrade to version 2.0.1 (Build# 55017) \nVMware ACE 1.0.3 upgrade to version 1.0.4 (Build# 54075) \n \nII Hosted products DHCP security vulnerabilities addressed \n \nThis release fixes several vulnerabilities in the DHCP server that could enable a specially crafted packets to gain system-level privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063) \n \nThanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities. \n \nHosted products \n\\--------------- \nVMware Workstation 6.0.0 upgrade to version 6.0.1 (Build# 55017) \nVMware Workstation 5.5.4 upgrade to version 5.5.5 (Build# 56455) \nVMware Player 2.0.0 upgrade to version 2.0.1 (Build# 55017) \nVMware Player 1.0.4 upgrade to version 1.0.5 (Build# 56455) \nVMware Server 1.0.3 upgrade to version 1.0.4 (Build# 56528) \nVMware ACE 2.0.0 upgrade to version 2.0.1 (Build# 55017) \nVMware ACE 1.0.3 upgrade to version 1.0.4 (Build# 54075) \n \nIII Windows based hosted product vulnerability in IntraProcessLogging.dll and \nvielib.dll. \n \nThis release fixes a security vulnerability that could allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system. (CVE-2007-4059) \n \nThis release fixes a security vulnerability that could allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system. (CVE-2007-4155) \n \nThanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities. \n \nHosted products \n\\--------------- \nVMware Workstation 6.0.0 upgrade to version 6.0.1 (Build# 55017) \nVMware Workstation 5.5.4 upgrade to version 5.5.5 (Build# 56455) \nVMware Player 2.0.0 upgrade to version 2.0.1 (Build# 55017) \nVMware Player 1.0.4 upgrade to version 1.0.5 (Build# 56455) \nVMware Server 1.0.3 upgrade to version 1.0.4 (Build# 56528) \nVMware ACE 2.0.0 upgrade to version 2.0.1 (Build# 55017) \nVMware ACE 1.0.3 upgrade to version 1.0.4 (Build# 54075) \n \n \nIV Escalation of privileges on Windows hosted systems \n \nThis release fixes a security vulnerability in which Workstation was starting registered Windows services in an insecure manner. This vulnerability could allow a malicious user to escalate user privileges. \n \nThanks to Foundstone for discovering this vulnerability. \n \nHosted products \n\\--------------- \nVMware Workstation 6.0.0 upgrade to version 6.0.1 (Build# 55017) \nVMware Workstation 5.5.4 upgrade to version 5.5.5 (Build# 56455) \nVMware Player 2.0.0 upgrade to version 2.0.1 (Build# 55017) \nVMware Player 1.0.4 upgrade to version 1.0.5 (Build# 56455) \nVMware Server 1.0.3 upgrade to version 1.0.4 (Build# 56528) \nVMware ACE 2.0.0 upgrade to version 2.0.1 (Build# 55017) \nVMware ACE 1.0.3 upgrade to version 1.0.4 (Build# 54075) \n \nV Potential denial of service using VMware Player \n \nThis release fixes a problem that prevented VMware Player from launching. \nThis problem was accompanied by the error message VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred. \n \nHosted products \n\\--------------- \nVMware Player 2.0.0 upgrade to version 2.0.1 (Build# 55017) \nVMware Player 1.0.4 upgrade to version 1.0.5 (Build# 56455) \n \nVI ESX Service Console updates \n\n", "modified": "2007-09-18T00:00:00", "published": "2007-09-18T00:00:00", "id": "VMSA-2007-0006", "href": "https://www.vmware.com/security/advisories/VMSA-2007-0006.html", "title": "Updated versions of all supported hosted products and all ESX 2x products and patches for ESX 30x address critical security updates. Service Console security updates for samba, bind, krb5, vixie-cron, shadow-utils, openldap, pam, gcc, and gdb packages.", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}