Lucene search
Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4078-1.NASLHistoryAug 12, 2019 - 12:00 a.m.
Ubuntu 16.04 LTS / 18.04 LTS : OpenLDAP vulnerabilities (USN-4078-1)
2019-08-1200:00:00
Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
It was discovered that OpenLDAP incorrectly handled rootDN delegation.
A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations.
(CVE-2019-13057)
It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations. (CVE-2019-13565).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4078-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
if (description)
{
script_id(127794);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");
script_cve_id("CVE-2019-13057", "CVE-2019-13565");
script_xref(name:"USN", value:"4078-1");
script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : OpenLDAP vulnerabilities (USN-4078-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"It was discovered that OpenLDAP incorrectly handled rootDN delegation.
A database administrator could use this issue to request authorization
as an identity from another database, contrary to expectations.
(CVE-2019-13057)
It was discovered that OpenLDAP incorrectly handled SASL
authentication and session encryption. After a first SASL bind was
completed, it was possible to obtain access by performing simple
binds, contrary to expectations. (CVE-2019-13565).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4078-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13565");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/26");
script_set_attribute(attribute:"patch_publication_date", value:"2019/07/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:slapd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:slapd-smbk5pwd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ldap-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libldap-2.4-2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libldap-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libldap2-dev");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '16.04', 'pkgname': 'ldap-utils', 'pkgver': '2.4.42+dfsg-2ubuntu3.6'},
{'osver': '16.04', 'pkgname': 'libldap-2.4-2', 'pkgver': '2.4.42+dfsg-2ubuntu3.6'},
{'osver': '16.04', 'pkgname': 'libldap2-dev', 'pkgver': '2.4.42+dfsg-2ubuntu3.6'},
{'osver': '16.04', 'pkgname': 'slapd', 'pkgver': '2.4.42+dfsg-2ubuntu3.6'},
{'osver': '16.04', 'pkgname': 'slapd-smbk5pwd', 'pkgver': '2.4.42+dfsg-2ubuntu3.6'},
{'osver': '18.04', 'pkgname': 'ldap-utils', 'pkgver': '2.4.45+dfsg-1ubuntu1.3'},
{'osver': '18.04', 'pkgname': 'libldap-2.4-2', 'pkgver': '2.4.45+dfsg-1ubuntu1.3'},
{'osver': '18.04', 'pkgname': 'libldap-common', 'pkgver': '2.4.45+dfsg-1ubuntu1.3'},
{'osver': '18.04', 'pkgname': 'libldap2-dev', 'pkgver': '2.4.45+dfsg-1ubuntu1.3'},
{'osver': '18.04', 'pkgname': 'slapd', 'pkgver': '2.4.45+dfsg-1ubuntu1.3'},
{'osver': '18.04', 'pkgname': 'slapd-smbk5pwd', 'pkgver': '2.4.45+dfsg-1ubuntu1.3'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ldap-utils / libldap-2.4-2 / libldap-common / libldap2-dev / slapd / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | slapd | p-cpe:/a:canonical:ubuntu_linux:slapd |
| canonical | ubuntu_linux | slapd-smbk5pwd | p-cpe:/a:canonical:ubuntu_linux:slapd-smbk5pwd |
| canonical | ubuntu_linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04:-:lts |
| canonical | ubuntu_linux | 18.04 | cpe:/o:canonical:ubuntu_linux:18.04:-:lts |
| canonical | ubuntu_linux | ldap-utils | p-cpe:/a:canonical:ubuntu_linux:ldap-utils |
| canonical | ubuntu_linux | libldap-2.4-2 | p-cpe:/a:canonical:ubuntu_linux:libldap-2.4-2 |
| canonical | ubuntu_linux | libldap-common | p-cpe:/a:canonical:ubuntu_linux:libldap-common |
| canonical | ubuntu_linux | libldap2-dev | p-cpe:/a:canonical:ubuntu_linux:libldap2-dev |
Related
nessus
nessus
SUSE SLES11 Security Update : openldap2 (SUSE-SU-2020:14353-1)
2021-06-10 00:00:00
SUSE SLED12 / SLES12 Security Update : openldap2 (SUSE-SU-2019:2390-1)
2019-09-18 00:00:00
Debian DLA-1891-1 : openldap security update
2019-08-20 00:00:00
ubuntu
ubuntu
OpenLDAP vulnerabilities
2019-07-30 00:00:00
OpenLDAP vulnerabilities
2019-08-19 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4078-1)
2019-07-31 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2390-1)
2021-04-19 00:00:00
Debian: Security Advisory (DLA-1891-1)
2019-08-20 00:00:00
osv
osv
openldap - security update
2019-08-18 00:00:00
CVE-2019-13057
2019-07-26 13:15:12
CVE-2019-13565
2019-07-26 13:15:12
mageia
mageia
Updated openldap packages fix security vulnerabilities
2019-09-15 17:45:31
debian
debian
[SECURITY] [DLA 1891-1] openldap security update
2019-08-18 22:47:34
suse
suse
Security update for openldap2 (moderate)
2019-09-24 00:00:00
Security update for openldap2 (moderate)
2019-09-24 00:00:00
prion
prion
Authorization
2019-07-26 13:15:00
Authorization
2019-07-26 13:15:00
redhatcve
redhatcve
CVE-2019-13565
2019-08-08 11:52:17
CVE-2019-13057
2020-04-07 17:01:07
ubuntucve
ubuntucve
CVE-2019-13565
2019-07-26 00:00:00
CVE-2019-13057
2019-07-26 00:00:00
f5
f5
OpenLDAP vulnerability CVE-2019-13565
2019-10-14 21:42:00
cve
cve
CVE-2019-13565
2019-07-26 13:15:00
CVE-2019-13057
2019-07-26 13:15:00
debiancve
debiancve
CVE-2019-13565
2019-07-26 13:15:00
CVE-2019-13057
2019-07-26 13:15:00
alpinelinux
alpinelinux
CVE-2019-13565
2019-07-26 13:15:00
CVE-2019-13057
2019-07-26 13:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1935
2021-07-02 17:36:08
amazon
amazon
Important: openldap
2023-04-27 18:37:00
Important: openldap
2023-04-27 16:19:00
apple
apple
ibm
ibm
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
Related for UBUNTU_USN-4078-1.NASL