SUSE-SA:2006:072: openldap2-client

🗓️ 18 Feb 2007 00:00:00Reported by TenableType

The remote host is missing a vendor-supplied security patch for openldap2-clien

Reporter	Title	Published	Views	Family All 33
BDU FSTEC	The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the OpenSUSE operating system allows attackers to compromise the accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the OpenSUSE operating system allows attackers to compromise the accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the OpenSUSE operating system allows attackers to compromise the accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the OpenSUSE operating system allows attackers to compromise the accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Gentoo Linux operating system, which allows a malicious intruder to compromise the accessibility of protected information	28 Apr 201500:00	–	bdu_fstec
Circl	CVE-2006-5779	8 Feb 202408:16	–	circl

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:072
#


if ( ! defined_func("bn_random") ) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if(description)
{
 script_id(24449);
 script_version("1.10");
 
 name["english"] = "SUSE-SA:2006:072: openldap2-client";
 
 script_name(english:name["english"]);
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2006:072 (openldap2-client).


OpenLDAP libldap's strval2strlen() function contained a bug when
processing the authcid string of certain Bind Requests, which could
allow attackers to  cause an affected application (especially the
OpenLDAP Server) to crash.

This is tracked by the Mitre CVE ID CVE-2006-5779." );
 script_set_attribute(attribute:"solution", value:
"http://www.novell.com/linux/security/advisories/2006_72_openldap2.html" );
 script_set_attribute(attribute:"risk_factor", value:"High" );



 script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
 script_end_attributes();

 
 summary["english"] = "Check for the version of the openldap2-client package";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
 family["english"] = "SuSE Local Security Checks";
 script_family(english:family["english"]);
 
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/SuSE/rpm-list");
 exit(0);
}

include("rpm.inc");
if ( rpm_check( reference:"openldap2-client-2.2.27-6.4", release:"SUSE10.0") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"openldap2-client-2.2.23-6.6", release:"SUSE9.3") )
{
 security_hole(0);
 exit(0);
}

14 Jan 2021 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 25

CVSS 3.17.5

EPSS0.43371