Search...

Oracle Linux Local Check: ELSA-2010-0198

2015-10-06T00:00:00

ID OPENVAS:1361412562310122377
Type openvas
Reporter Eero Volotinen
Modified 2018-09-28T00:00:00

Description

Oracle Linux Local Security Checks ELSA-2010-0198

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: ELSA-2010-0198.nasl 11688 2018-09-28 13:36:28Z cfischer $
#
# Oracle Linux Local Check
#
# Authors:
# Eero Volotinen &lt;eero.volotinen@solinor.com&gt;
#
# Copyright:
# Copyright (c) 2015 Eero Volotinen, http://solinor.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.122377");
  script_version("$Revision: 11688 $");
  script_tag(name:"creation_date", value:"2015-10-06 14:17:46 +0300 (Tue, 06 Oct 2015)");
  script_tag(name:"last_modification", value:"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $");
  script_name("Oracle Linux Local Check: ELSA-2010-0198");
  script_tag(name:"insight", value:"ELSA-2010-0198 - openldap security and bug fix update. Please see the references for more insight.");
  script_tag(name:"solution", value:"Update the affected packages to the latest available version.");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"summary", value:"Oracle Linux Local Security Checks ELSA-2010-0198");
  script_xref(name:"URL", value:"http://linux.oracle.com/errata/ELSA-2010-0198.html");
  script_cve_id("CVE-2009-3767");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"qod_type", value:"package");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/oracle_linux", "ssh/login/release", re:"ssh/login/release=OracleLinux5");
  script_category(ACT_GATHER_INFO);
  script_copyright("Eero Volotinen");
  script_family("Oracle Linux Local Security Checks");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release) exit(0);

res = "";

if(release == "OracleLinux5")
{
  if ((res = isrpmvuln(pkg:"compat-openldap", rpm:"compat-openldap~2.3.43_2.2.29~12.el5", rls:"OracleLinux5")) != NULL) {
    security_message(data:res);
    exit(0);
  }
  if ((res = isrpmvuln(pkg:"openldap", rpm:"openldap~2.3.43~12.el5", rls:"OracleLinux5")) != NULL) {
    security_message(data:res);
    exit(0);
  }
  if ((res = isrpmvuln(pkg:"openldap-clients", rpm:"openldap-clients~2.3.43~12.el5", rls:"OracleLinux5")) != NULL) {
    security_message(data:res);
    exit(0);
  }
  if ((res = isrpmvuln(pkg:"openldap-devel", rpm:"openldap-devel~2.3.43~12.el5", rls:"OracleLinux5")) != NULL) {
    security_message(data:res);
    exit(0);
  }
  if ((res = isrpmvuln(pkg:"openldap-servers", rpm:"openldap-servers~2.3.43~12.el5", rls:"OracleLinux5")) != NULL) {
    security_message(data:res);
    exit(0);
  }
  if ((res = isrpmvuln(pkg:"openldap-servers-overlays", rpm:"openldap-servers-overlays~2.3.43~12.el5", rls:"OracleLinux5")) != NULL) {
    security_message(data:res);
    exit(0);
  }
  if ((res = isrpmvuln(pkg:"openldap-servers-sql", rpm:"openldap-servers-sql~2.3.43~12.el5", rls:"OracleLinux5")) != NULL) {
    security_message(data:res);
    exit(0);
  }

}
if (__pkg_match) exit(99);
  exit(0);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310122377", "type": "openvas", "bulletinFamily": "scanner", "title": "Oracle Linux Local Check: ELSA-2010-0198", "description": "Oracle Linux Local Security Checks ELSA-2010-0198", "published": "2015-10-06T00:00:00", "modified": "2018-09-28T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122377", "reporter": "Eero Volotinen", "references": ["http://linux.oracle.com/errata/ELSA-2010-0198.html"], "cvelist": ["CVE-2009-3767"], "lastseen": "2019-05-29T18:37:06", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3767"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870253", "OPENVAS:870253", "OPENVAS:1361412562310830852", "OPENVAS:1361412562310870293", "OPENVAS:66455", "OPENVAS:66271", "OPENVAS:861753", "OPENVAS:136141256231066455", "OPENVAS:870293", "OPENVAS:1361412562310861753"]}, {"type": "ubuntu", "idList": ["USN-858-1"]}, {"type": "freebsd", "idList": ["ABAD20BF-C1B4-11E3-A5AC-001B21614864"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0198", "ELSA-2010-0543"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2010-0543.NASL", "CENTOS_RHSA-2010-0543.NASL", "DEBIAN_DSA-1943.NASL", "REDHAT-RHSA-2010-0198.NASL", "FEDORA_2010-0752.NASL", "MANDRIVA_MDVSA-2010-026.NASL", "SL_20100330_OPENLDAP_ON_SL5_X.NASL", "UBUNTU_USN-858-1.NASL", "REDHAT-RHSA-2010-0543.NASL", "FREEBSD_PKG_ABAD20BFC1B411E3A5AC001B21614864.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10404", "SECURITYVULNS:DOC:22791"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1943-1:4209E"]}, {"type": "seebug", "idList": ["SSV:12522"]}, {"type": "redhat", "idList": ["RHSA-2010:0543", "RHSA-2010:0476", "RHSA-2010:0198"]}, {"type": "fedora", "idList": ["FEDORA:0AF8111121D"]}, {"type": "centos", "idList": ["CESA-2010:0543"]}, {"type": "vmware", "idList": ["VMSA-2010-0015"]}, {"type": "gentoo", "idList": ["GLSA-201406-36"]}], "modified": "2019-05-29T18:37:06", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2019-05-29T18:37:06", "rev": 2}, "vulnersScore": 5.3}, "pluginID": "1361412562310122377", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0198.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122377\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:46 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0198\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0198 - openldap security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0198\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0198.html\");\n script_cve_id(\"CVE-2009-3767\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.3.43_2.2.29~12.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.3.43~12.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.3.43~12.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.3.43~12.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.3.43~12.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-servers-overlays\", rpm:\"openldap-servers-overlays~2.3.43~12.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.3.43~12.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "naslFamily": "Oracle Linux Local Security Checks", "immutableFields": []}

{"cve": [{"lastseen": "2021-04-21T20:47:57", "description": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "edition": 8, "cvss3": {}, "published": "2009-10-23T19:30:00", "title": "CVE-2009-3767", "type": "cve", "cwe": ["CWE-295"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3767"], "modified": "2020-10-14T17:13:00", "cpe": ["cpe:/o:fedoraproject:fedora:11"], "id": "CVE-2009-3767", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3767", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-12-04T11:27:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "description": "The remote host is missing an update to openldap2.2\nannounced via advisory USN-858-1.", "modified": "2017-12-01T00:00:00", "published": "2009-11-17T00:00:00", "id": "OPENVAS:66271", "href": "http://plugins.openvas.org/nasl.php?oid=66271", "type": "openvas", "title": "Ubuntu USN-858-1 (openldap2.2)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_858_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_858_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-858-1 (openldap2.2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libldap-2.2-7 2.2.26-5ubuntu2.9\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-858-1\";\n\ntag_insight = \"It was discovered that OpenLDAP did not correctly handle SSL certificates\nwith zero bytes in the Common Name. A remote attacker could exploit this to\nperform a man in the middle attack to view sensitive information or alter\nencrypted communications.\";\ntag_summary = \"The remote host is missing an update to openldap2.2\nannounced via advisory USN-858-1.\";\n\n \n\n\nif(description)\n{\n script_id(66271);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-3767\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu USN-858-1 (openldap2.2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-858-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ldap-utils\", ver:\"2.2.26-5ubuntu2.9\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap-2.2-7\", ver:\"2.2.26-5ubuntu2.9\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.2.26-5ubuntu2.9\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "description": "The remote host is missing an update to openldap openldap2.3\nannounced via advisory DSA 1943-1.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:136141256231066455", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066455", "type": "openvas", "title": "Debian Security Advisory DSA 1943-1 (openldap openldap2.3)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1943_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1943-1 (openldap openldap2.3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that OpenLDAP, a free implementation of the Lightweight\nDirectory Access Protocol, when OpenSSL is used, does not properly handle a '\\0'\ncharacter in a domain name in the subject's Common Name (CN) field of an X.509\ncertificate, which allows man-in-the-middle attackers to spoof arbitrary SSL\nservers via a crafted certificate issued by a legitimate Certification Authority.\n\nFor the oldstable distribution (etch), this problem has been fixed in version\n2.3.30-5+etch3 for openldap2.3.\n\nFor the stable distribution (lenny), this problem has been fixed in version\n2.4.11-1+lenny1 for openldap.\n\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 2.4.17-2.1 for openldap.\n\n\nWe recommend that you upgrade your openldap2.3/openldap packages.\";\ntag_summary = \"The remote host is missing an update to openldap openldap2.3\nannounced via advisory DSA 1943-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201943-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66455\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3767\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1943-1 (openldap openldap2.3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libldap-2.3-0\", ver:\"2.3.30-5+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.3.30-5+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ldap-utils\", ver:\"2.3.30-5+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slapd-dbg\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap-2.4-2\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ldap-utils\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap2-dev\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap-2.4-2-dbg\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:05:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "description": "Check for the Version of openldap", "modified": "2018-01-25T00:00:00", "published": "2010-03-05T00:00:00", "id": "OPENVAS:1361412562310861753", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861753", "type": "openvas", "title": "Fedora Update for openldap FEDORA-2010-0752", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openldap FEDORA-2010-0752\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openldap on Fedora 11\";\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools. LDAP is a set of\n protocols for accessing directory services (usually phone book style\n information, but other information is possible) over the Internet,\n similar to the way DNS (Domain Name System) information is propagated\n over the Internet. The openldap package contains configuration files,\n libraries, and documentation for OpenLDAP.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861753\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-05 12:48:43 +0100 (Fri, 05 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-0752\");\n script_cve_id(\"CVE-2009-3767\");\n script_name(\"Fedora Update for openldap FEDORA-2010-0752\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.15~7.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:04:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "description": "Check for the Version of openldap", "modified": "2018-01-17T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:1361412562310870253", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870253", "type": "openvas", "title": "RedHat Update for openldap RHSA-2010:0198-04", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openldap RHSA-2010:0198-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools.\n\n A flaw was found in the way OpenLDAP handled NUL characters in the\n CommonName field of X.509 certificates. An attacker able to get a\n carefully-crafted certificate signed by a trusted Certificate Authority\n could trick applications using OpenLDAP libraries into accepting it by\n mistake, allowing the attacker to perform a man-in-the-middle attack.\n (CVE-2009-3767)\n \n This update also fixes the following bugs:\n \n * the ldap init script did not provide a way to alter system limits for the\n slapd daemon. A variable is now available in "/etc/sysconfig/ldap" for this\n option. (BZ#527313)\n \n * applications that use the OpenLDAP libraries to contact a Microsoft\n Active Directory server could crash when a large number of network\n interfaces existed. This update implements locks in the OpenLDAP library\n code to resolve this issue. (BZ#510522)\n \n * when slapd was configured to allow client certificates, approximately 90%\n of connections froze because of a large CA certificate file and slapd not\n checking the success of the SSL handshake. (BZ#509230)\n \n * the OpenLDAP server would freeze for unknown reasons under high load.\n These packages add support for accepting incoming connections by new\n threads, resolving the issue. (BZ#507276)\n \n * the compat-openldap libraries did not list dependencies on other\n libraries, causing programs that did not specifically specify the libraries\n to fail. Detection of the Application Binary Interface (ABI) in use on\n 64-bit systems has been added with this update. (BZ#503734)\n \n * the OpenLDAP libraries caused applications to crash due to an unprocessed\n network timeout. A timeval of -1 is now passed when NULL is passed to LDAP.\n (BZ#495701)\n \n * slapd could crash on a server under heavy load when using rwm overlay,\n caused by freeing non-allocated memory during operation cleanup.\n (BZ#495628)\n \n * the ldap init script made a temporary script in "/tmp/" and attempted to\n execute it. Problems arose when "/tmp/" was mounted with the noexec option.\n The temporary script is no longer created. (BZ#483356)\n \n * the ldap init script always started slapd listening on ldap:/// even if\n instructed to listen only on ldaps:///. By correcting the init script, a\n user can now select which ports slapd should listen on. (BZ#481003)\n \n * the slapd manual page did not mention the supported options -V and -o.\n (BZ#468206)\n \n * slapd.conf had a commented-out op ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"openldap on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-March/msg00031.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870253\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0198-04\");\n script_cve_id(\"CVE-2009-3767\");\n script_name(\"RedHat Update for openldap RHSA-2010:0198-04\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.3.43_2.2.29~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-debuginfo\", rpm:\"openldap-debuginfo~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-overlays\", rpm:\"openldap-servers-overlays~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "description": "Check for the Version of openldap", "modified": "2017-12-20T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:870253", "href": "http://plugins.openvas.org/nasl.php?oid=870253", "type": "openvas", "title": "RedHat Update for openldap RHSA-2010:0198-04", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openldap RHSA-2010:0198-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools.\n\n A flaw was found in the way OpenLDAP handled NUL characters in the\n CommonName field of X.509 certificates. An attacker able to get a\n carefully-crafted certificate signed by a trusted Certificate Authority\n could trick applications using OpenLDAP libraries into accepting it by\n mistake, allowing the attacker to perform a man-in-the-middle attack.\n (CVE-2009-3767)\n \n This update also fixes the following bugs:\n \n * the ldap init script did not provide a way to alter system limits for the\n slapd daemon. A variable is now available in "/etc/sysconfig/ldap" for this\n option. (BZ#527313)\n \n * applications that use the OpenLDAP libraries to contact a Microsoft\n Active Directory server could crash when a large number of network\n interfaces existed. This update implements locks in the OpenLDAP library\n code to resolve this issue. (BZ#510522)\n \n * when slapd was configured to allow client certificates, approximately 90%\n of connections froze because of a large CA certificate file and slapd not\n checking the success of the SSL handshake. (BZ#509230)\n \n * the OpenLDAP server would freeze for unknown reasons under high load.\n These packages add support for accepting incoming connections by new\n threads, resolving the issue. (BZ#507276)\n \n * the compat-openldap libraries did not list dependencies on other\n libraries, causing programs that did not specifically specify the libraries\n to fail. Detection of the Application Binary Interface (ABI) in use on\n 64-bit systems has been added with this update. (BZ#503734)\n \n * the OpenLDAP libraries caused applications to crash due to an unprocessed\n network timeout. A timeval of -1 is now passed when NULL is passed to LDAP.\n (BZ#495701)\n \n * slapd could crash on a server under heavy load when using rwm overlay,\n caused by freeing non-allocated memory during operation cleanup.\n (BZ#495628)\n \n * the ldap init script made a temporary script in "/tmp/" and attempted to\n execute it. Problems arose when "/tmp/" was mounted with the noexec option.\n The temporary script is no longer created. (BZ#483356)\n \n * the ldap init script always started slapd listening on ldap:/// even if\n instructed to listen only on ldaps:///. By correcting the init script, a\n user can now select which ports slapd should listen on. (BZ#481003)\n \n * the slapd manual page did not mention the supported options -V and -o.\n (BZ#468206)\n \n * slapd.conf had a commented-out op ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"openldap on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-March/msg00031.html\");\n script_id(870253);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0198-04\");\n script_cve_id(\"CVE-2009-3767\");\n script_name(\"RedHat Update for openldap RHSA-2010:0198-04\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.3.43_2.2.29~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-debuginfo\", rpm:\"openldap-debuginfo~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-overlays\", rpm:\"openldap-servers-overlays~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.3.43~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "description": "Check for the Version of openldap", "modified": "2017-12-25T00:00:00", "published": "2010-03-05T00:00:00", "id": "OPENVAS:861753", "href": "http://plugins.openvas.org/nasl.php?oid=861753", "type": "openvas", "title": "Fedora Update for openldap FEDORA-2010-0752", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openldap FEDORA-2010-0752\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openldap on Fedora 11\";\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools. LDAP is a set of\n protocols for accessing directory services (usually phone book style\n information, but other information is possible) over the Internet,\n similar to the way DNS (Domain Name System) information is propagated\n over the Internet. The openldap package contains configuration files,\n libraries, and documentation for OpenLDAP.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html\");\n script_id(861753);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-05 12:48:43 +0100 (Fri, 05 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-0752\");\n script_cve_id(\"CVE-2009-3767\");\n script_name(\"Fedora Update for openldap FEDORA-2010-0752\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.15~7.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "description": "The remote host is missing an update to openldap openldap2.3\nannounced via advisory DSA 1943-1.", "modified": "2017-07-07T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:66455", "href": "http://plugins.openvas.org/nasl.php?oid=66455", "type": "openvas", "title": "Debian Security Advisory DSA 1943-1 (openldap openldap2.3)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1943_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1943-1 (openldap openldap2.3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that OpenLDAP, a free implementation of the Lightweight\nDirectory Access Protocol, when OpenSSL is used, does not properly handle a '\\0'\ncharacter in a domain name in the subject's Common Name (CN) field of an X.509\ncertificate, which allows man-in-the-middle attackers to spoof arbitrary SSL\nservers via a crafted certificate issued by a legitimate Certification Authority.\n\nFor the oldstable distribution (etch), this problem has been fixed in version\n2.3.30-5+etch3 for openldap2.3.\n\nFor the stable distribution (lenny), this problem has been fixed in version\n2.4.11-1+lenny1 for openldap.\n\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 2.4.17-2.1 for openldap.\n\n\nWe recommend that you upgrade your openldap2.3/openldap packages.\";\ntag_summary = \"The remote host is missing an update to openldap openldap2.3\nannounced via advisory DSA 1943-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201943-1\";\n\n\nif(description)\n{\n script_id(66455);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3767\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1943-1 (openldap openldap2.3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libldap-2.3-0\", ver:\"2.3.30-5+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.3.30-5+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ldap-utils\", ver:\"2.3.30-5+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slapd-dbg\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap-2.4-2\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ldap-utils\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap2-dev\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap-2.4-2-dbg\", ver:\"2.4.11-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767", "CVE-2010-0211"], "description": "Check for the Version of openldap", "modified": "2017-12-27T00:00:00", "published": "2010-07-23T00:00:00", "id": "OPENVAS:1361412562310870293", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870293", "type": "openvas", "title": "RedHat Update for openldap RHSA-2010:0543-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openldap RHSA-2010:0543-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools.\n\n An uninitialized pointer use flaw was discovered in the way the slapd\n daemon handled modify relative distinguished name (modrdn) requests. An\n authenticated user with privileges to perform modrdn operations could use\n this flaw to crash the slapd daemon via specially-crafted modrdn requests.\n (CVE-2010-0211)\n \n Red Hat would like to thank CERT-FI for responsibly reporting the\n CVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomki for the\n discovery of the issue.\n \n A flaw was found in the way OpenLDAP handled NUL characters in the\n CommonName field of X.509 certificates. An attacker able to get a\n carefully-crafted certificate signed by a trusted Certificate Authority\n could trick applications using OpenLDAP libraries into accepting it by\n mistake, allowing the attacker to perform a man-in-the-middle attack.\n (CVE-2009-3767)\n \n Users of OpenLDAP should upgrade to these updated packages, which contain\n backported patches to resolve these issues. After installing this update,\n the OpenLDAP daemons will be restarted automatically.\";\n\ntag_affected = \"openldap on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00010.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870293\");\n script_version(\"$Revision: 8250 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 08:29:15 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0543-01\");\n script_cve_id(\"CVE-2009-3767\", \"CVE-2010-0211\");\n script_name(\"RedHat Update for openldap RHSA-2010:0543-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.1.30~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-debuginfo\", rpm:\"openldap-debuginfo~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767", "CVE-2010-0211"], "description": "Check for the Version of openldap", "modified": "2017-12-13T00:00:00", "published": "2010-07-23T00:00:00", "id": "OPENVAS:870293", "href": "http://plugins.openvas.org/nasl.php?oid=870293", "type": "openvas", "title": "RedHat Update for openldap RHSA-2010:0543-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openldap RHSA-2010:0543-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools.\n\n An uninitialized pointer use flaw was discovered in the way the slapd\n daemon handled modify relative distinguished name (modrdn) requests. An\n authenticated user with privileges to perform modrdn operations could use\n this flaw to crash the slapd daemon via specially-crafted modrdn requests.\n (CVE-2010-0211)\n \n Red Hat would like to thank CERT-FI for responsibly reporting the\n CVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomki for the\n discovery of the issue.\n \n A flaw was found in the way OpenLDAP handled NUL characters in the\n CommonName field of X.509 certificates. An attacker able to get a\n carefully-crafted certificate signed by a trusted Certificate Authority\n could trick applications using OpenLDAP libraries into accepting it by\n mistake, allowing the attacker to perform a man-in-the-middle attack.\n (CVE-2009-3767)\n \n Users of OpenLDAP should upgrade to these updated packages, which contain\n backported patches to resolve these issues. After installing this update,\n the OpenLDAP daemons will be restarted automatically.\";\n\ntag_affected = \"openldap on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00010.html\");\n script_id(870293);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-23 16:10:25 +0200 (Fri, 23 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0543-01\");\n script_cve_id(\"CVE-2009-3767\", \"CVE-2010-0211\");\n script_name(\"RedHat Update for openldap RHSA-2010:0543-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.1.30~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-debuginfo\", rpm:\"openldap-debuginfo~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.2.13~12.el4_8.3\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:05:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767", "CVE-2009-2408"], "description": "Check for the Version of openldap", "modified": "2018-01-23T00:00:00", "published": "2010-01-29T00:00:00", "id": "OPENVAS:1361412562310830852", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830852", "type": "openvas", "title": "Mandriva Update for openldap MDVSA-2010:026 (openldap)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openldap MDVSA-2010:026 (openldap)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in openldap:\n\n libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does\n not properly handle a \\'\\0\\' (NUL) character in a domain name in\n the subject's Common Name (CN) field of an X.509 certificate, which\n allows man-in-the-middle attackers to spoof arbitrary SSL servers via\n a crafted certificate issued by a legitimate Certification Authority,\n a related issue to CVE-2009-2408 (CVE-2009-3767).\n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers.\n \n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"openldap on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-01/msg00076.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830852\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-29 14:09:25 +0100 (Fri, 29 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:026\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-3767\");\n script_name(\"Mandriva Update for openldap MDVSA-2010:026 (openldap)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldap2.3_0\", rpm:\"libldap2.3_0~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.3_0-devel\", rpm:\"libldap2.3_0-devel~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.3_0-static-devel\", rpm:\"libldap2.3_0-static-devel~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-doc\", rpm:\"openldap-doc~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-testprogs\", rpm:\"openldap-testprogs~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-tests\", rpm:\"openldap-tests~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.3_0\", rpm:\"lib64ldap2.3_0~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.3_0-devel\", rpm:\"lib64ldap2.3_0-devel~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.3_0-static-devel\", rpm:\"lib64ldap2.3_0-static-devel~2.3.38~3.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2\", rpm:\"libldap2.4_2~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-devel\", rpm:\"libldap2.4_2-devel~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-static-devel\", rpm:\"libldap2.4_2-static-devel~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-doc\", rpm:\"openldap-doc~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-testprogs\", rpm:\"openldap-testprogs~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-tests\", rpm:\"openldap-tests~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2\", rpm:\"lib64ldap2.4_2~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-devel\", rpm:\"lib64ldap2.4_2-devel~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-static-devel\", rpm:\"lib64ldap2.4_2-static-devel~2.4.11~3.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2\", rpm:\"libldap2.4_2~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-devel\", rpm:\"libldap2.4_2-devel~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-static-devel\", rpm:\"libldap2.4_2-static-devel~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-doc\", rpm:\"openldap-doc~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-testprogs\", rpm:\"openldap-testprogs~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-tests\", rpm:\"openldap-tests~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2\", rpm:\"lib64ldap2.4_2~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-devel\", rpm:\"lib64ldap2.4_2-devel~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-static-devel\", rpm:\"lib64ldap2.4_2-static-devel~2.4.16~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2\", rpm:\"libldap2.4_2~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-devel\", rpm:\"libldap2.4_2-devel~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-static-devel\", rpm:\"libldap2.4_2-static-devel~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-doc\", rpm:\"openldap-doc~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-testprogs\", rpm:\"openldap-testprogs~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-tests\", rpm:\"openldap-tests~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2\", rpm:\"lib64ldap2.4_2~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-devel\", rpm:\"lib64ldap2.4_2-devel~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-static-devel\", rpm:\"lib64ldap2.4_2-static-devel~2.4.11~3.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3767"], "description": "===========================================================\r\nUbuntu Security Notice USN-858-1 November 12, 2009\r\nopenldap2.2 vulnerability\r\nCVE-2009-3767\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n libldap-2.2-7 2.2.26-5ubuntu2.9\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that OpenLDAP did not correctly handle SSL certificates\r\nwith zero bytes in the Common Name. A remote attacker could exploit this to\r\nperform a man in the middle attack to view sensitive information or alter\r\nencrypted communications.\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.diff.gz\r\n Size/MD5: 516098 098a03b4f7d511ce730e9647deca2072\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.dsc\r\n Size/MD5: 1028 5a95dae94a1016fbcf41c1c1992ea8e6\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz\r\n Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_amd64.deb\r\n Size/MD5: 130854 1f1b40b12adcb557a810194d0c4f7993\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_amd64.deb\r\n Size/MD5: 166444 500528d10502361c075a08578c1586f5\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_amd64.deb\r\n Size/MD5: 961974 f56eef919306d6ca7f4a7a090d2ae6ba\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_i386.deb\r\n Size/MD5: 118638 0558a833fb6eadf4d87bd9fd6e687838\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_i386.deb\r\n Size/MD5: 146444 fc85d5259c97622324047bbda153937d\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_i386.deb\r\n Size/MD5: 873424 358c78f76ee16010c1fb81e89adfe849\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_powerpc.deb\r\n Size/MD5: 133012 92d9de435a795261e6bf4143f2bf59c7\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_powerpc.deb\r\n Size/MD5: 157480 099b1ee5e158f77be109a7972587f596\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_powerpc.deb\r\n Size/MD5: 960052 850fb56995224edd6ae329af1b8236ef\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_sparc.deb\r\n Size/MD5: 120932 4fa0f7accd968ba71dff1f7c5b2ef811\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_sparc.deb\r\n Size/MD5: 148546 2d1af209a8b53a8315fbd4bd86573d70\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_sparc.deb\r\n Size/MD5: 903928 4aa6b0478821e803c80a020b031aafed\r\n\r\n\r\n", "edition": 1, "modified": "2009-11-13T00:00:00", "published": "2009-11-13T00:00:00", "id": "SECURITYVULNS:DOC:22791", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22791", "title": "[USN-858-1] OpenLDAP vulnerability", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T19:08:05", "bulletinFamily": "software", "cvelist": ["CVE-2009-3767"], "description": "zero byte in common name is handled incorrectly.", "edition": 2, "modified": "2009-11-13T00:00:00", "published": "2009-11-13T00:00:00", "id": "SECURITYVULNS:VULN:10404", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10404", "title": "OpenLDAP certificate spoofing", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2020-10-15T10:03:40", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3767"], "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate Authority\ncould trick applications using OpenLDAP libraries into accepting it by\nmistake, allowing the attacker to perform a man-in-the-middle attack.\n(CVE-2009-3767)\n\nThis update also fixes the following bugs:\n\n* the ldap init script did not provide a way to alter system limits for the\nslapd daemon. A variable is now available in \"/etc/sysconfig/ldap\" for this\noption. (BZ#527313)\n\n* applications that use the OpenLDAP libraries to contact a Microsoft\nActive Directory server could crash when a large number of network\ninterfaces existed. This update implements locks in the OpenLDAP library\ncode to resolve this issue. (BZ#510522)\n\n* when slapd was configured to allow client certificates, approximately 90%\nof connections froze because of a large CA certificate file and slapd not\nchecking the success of the SSL handshake. (BZ#509230)\n\n* the OpenLDAP server would freeze for unknown reasons under high load.\nThese packages add support for accepting incoming connections by new\nthreads, resolving the issue. (BZ#507276)\n\n* the compat-openldap libraries did not list dependencies on other\nlibraries, causing programs that did not specifically specify the libraries\nto fail. Detection of the Application Binary Interface (ABI) in use on\n64-bit systems has been added with this update. (BZ#503734)\n\n* the OpenLDAP libraries caused applications to crash due to an unprocessed\nnetwork timeout. A timeval of -1 is now passed when NULL is passed to LDAP.\n(BZ#495701)\n\n* slapd could crash on a server under heavy load when using rwm overlay,\ncaused by freeing non-allocated memory during operation cleanup.\n(BZ#495628)\n\n* the ldap init script made a temporary script in \"/tmp/\" and attempted to\nexecute it. Problems arose when \"/tmp/\" was mounted with the noexec option.\nThe temporary script is no longer created. (BZ#483356)\n\n* the ldap init script always started slapd listening on ldap:/// even if\ninstructed to listen only on ldaps:///. By correcting the init script, a\nuser can now select which ports slapd should listen on. (BZ#481003)\n\n* the slapd manual page did not mention the supported options -V and -o.\n(BZ#468206)\n\n* slapd.conf had a commented-out option to load the syncprov.la module.\nOnce un-commented, slapd crashed at start-up because the module had already\nbeen statically linked to OpenLDAP. This update removes \"moduleload\nsyncprov.la\" from slapd.conf, which resolves this issue. (BZ#466937)\n\n* the migrate_automount.pl script produced output that was unsupported by\nautofs. This is corrected by updating the output LDIF format for automount\nrecords. (BZ#460331)\n\n* the ldap init script uses the TERM signal followed by the KILL signal\nwhen shutting down slapd. Minimal delay between the two signals could cause\nthe LDAP database to become corrupted if it had not finished saving its\nstate. A delay between the signals has been added via the \"STOP_DELAY\"\noption in \"/etc/sysconfig/ldap\". (BZ#452064)\n\n* the migrate_passwd.pl migration script had a problem when number fields\ncontained only a zero. Such fields were considered to be empty, leading to\nthe attribute not being set in the LDIF output. The condition in\ndump_shadow_attributes has been corrected to allow for the attributes to\ncontain only a zero. (BZ#113857)\n\n* the migrate_base.pl migration script did not handle third level domains\ncorrectly, creating a second level domain that could not be held by a\ndatabase with a three level base. This is now allowed by modifying the\nmigrate_base.pl script to generate only one domain. (BZ#104585)\n\nUsers of OpenLDAP should upgrade to these updated packages, which resolve\nthese issues.", "modified": "2017-09-08T12:11:02", "published": "2010-03-30T04:00:00", "id": "RHSA-2010:0198", "href": "https://access.redhat.com/errata/RHSA-2010:0198", "type": "redhat", "title": "(RHSA-2010:0198) Moderate: openldap security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-10-15T10:03:02", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3767", "CVE-2010-0211"], "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nAn uninitialized pointer use flaw was discovered in the way the slapd\ndaemon handled modify relative distinguished name (modrdn) requests. An\nauthenticated user with privileges to perform modrdn operations could use\nthis flaw to crash the slapd daemon via specially-crafted modrdn requests.\n(CVE-2010-0211)\n\nRed Hat would like to thank CERT-FI for responsibly reporting the\nCVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salom\u00e4ki for the\ndiscovery of the issue.\n\nA flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate Authority\ncould trick applications using OpenLDAP libraries into accepting it by\nmistake, allowing the attacker to perform a man-in-the-middle attack.\n(CVE-2009-3767)\n\nUsers of OpenLDAP should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing this update,\nthe OpenLDAP daemons will be restarted automatically.\n", "modified": "2017-09-08T11:57:12", "published": "2010-07-20T04:00:00", "id": "RHSA-2010:0543", "href": "https://access.redhat.com/errata/RHSA-2010:0543", "type": "redhat", "title": "(RHSA-2010:0543) Moderate: openldap security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-11T13:30:47", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1189", "CVE-2009-3767", "CVE-2010-0307", "CVE-2010-0410", "CVE-2010-0426", "CVE-2010-0427", "CVE-2010-0430", "CVE-2010-0730", "CVE-2010-0741", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1163", "CVE-2010-2223"], "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way QEMU-KVM handled erroneous data provided by the\nLinux virtio-net driver, used by guest operating systems. Due to a\ndeficiency in the TSO (TCP segment offloading) implementation, a guest's\nvirtio-net driver would transmit improper data to a certain QEMU-KVM\nprocess on the host, causing the guest to crash. A remote attacker could\nuse this flaw to send specially-crafted data to a target guest system,\ncausing that guest to crash. (CVE-2010-0741)\n\nA flaw was found in the way the Virtual Desktop Server Manager (VDSM)\nhandled the removal of a virtual machine's (VM) data back end (such as an\nimage or a volume). When removing an image or a volume, it was not securely\ndeleted from its corresponding data domain as expected. A guest user in a\nnew, raw VM, created in a data domain that has had VMs deleted from it,\ncould use this flaw to read limited data from those deleted VMs,\npotentially disclosing sensitive information. (CVE-2010-2223)\n\nThis updated package provides updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. These fixes are for dbus issue\nCVE-2009-1189; kernel issues CVE-2010-0307, CVE-2010-0410, CVE-2010-0730,\nCVE-2010-1085, and CVE-2010-1086; openldap issue CVE-2009-3767; and sudo\nissues CVE-2010-0426, CVE-2010-0427, and CVE-2010-1163.\n\nThis update also fixes several bugs and adds several enhancements.\nDocumentation for these bug fixes and enhancements is available from\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/2.2/html/Servers-5.5-2.2_Hypervisor_Security_Update\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug\nfixes and enhancements from the KVM updates RHSA-2010:0271 and\nRHBA-2010:0419 have been included in this update. Also included are the bug\nfixes and enhancements from the Virtual Desktop Server Manager (VDSM)\nupdate RHSA-2010:0473, and fence-agents update RHBA-2010:0477.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0271.html and\nhttps://rhn.redhat.com/errata/RHBA-2010-0419.html\nVDSM: https://rhn.redhat.com/errata/RHSA-2010-0473.html\nfence-agents: https://rhn.redhat.com/errata/RHBA-2010-0477.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues and adds these\nenhancements.\n", "modified": "2019-03-22T23:44:52", "published": "2010-06-22T04:00:00", "id": "RHSA-2010:0476", "href": "https://access.redhat.com/errata/RHSA-2010:0476", "type": "redhat", "title": "(RHSA-2010:0476) Important: rhev-hypervisor security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:32:36", "description": "CVE ID: CVE-2009-3767\r\n\r\nOpenLDAP\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff08LDAP\uff09\u5b9e\u73b0\u3002\r\n\r\n\u5728\u4f7f\u7528OpenSSL\u7684\u65f6\u5019\uff0cOpenLDAP\u7684libraries/libldap/tls_o.c\u5e93\u6ca1\u6709\u6b63\u786e\u5730\u5904\u7406X.509\u8bc1\u4e66\u4e3b\u9898\u901a\u7528\u540d\u79f0\uff08CN\uff09\u5b57\u6bb5\u57df\u540d\u4e2d\u7684\u7a7a\u5b57\u7b26\uff08\\0\uff09\uff0c\u5728\u5904\u7406\u5305\u542b\u6709\u7a7a\u5b57\u7b26\u7684\u8bc1\u4e66\u5b57\u6bb5\u65f6\u9519\u8bef\u5730\u5c06\u7a7a\u5b57\u7b26\u5904\u7406\u4e3a\u622a\u6b62\u5b57\u7b26\uff0c\u56e0\u6b64\u53ea\u4f1a\u9a8c\u8bc1\u7a7a\u5b57\u7b26\u524d\u7684\u90e8\u5206\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e\u7c7b\u4f3c\u4e8e\u4ee5\u4e0b\u7684\u540d\u79f0\uff1a\r\n\r\n example.com\\0.haxx.se\r\n\r\n\u8bc1\u4e66\u662f\u53d1\u5e03\u7ed9haxx.se\u7684\uff0c\u4f46/tls_o.c\u5e93\u9519\u8bef\u7684\u9a8c\u8bc1\u7ed9example.com\uff0c\u8fd9\u6709\u52a9\u4e8e\u653b\u51fb\u8005\u901a\u8fc7\u4e2d\u95f4\u4eba\u653b\u51fb\u6267\u884c\u7f51\u7edc\u9493\u9c7c\u7b49\u6b3a\u9a97\u3002\r\n\n\nOpenLDAP\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOpenLDAP\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.11&f=h", "published": "2009-10-27T00:00:00", "title": "OpenLDAP CA SSL\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3767"], "modified": "2009-10-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12522", "id": "SSV:12522", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2021-01-17T13:44:44", "description": "A flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority could trick applications using OpenLDAP libraries into\naccepting it by mistake, allowing the attacker to perform a\nman-in-the-middle attack. (CVE-2009-3767)\n\nThis update also fixes the following bugs :\n\n - the ldap init script did not provide a way to alter\n system limits for the slapd daemon. A variable is now\n available in '/etc/sysconfig/ldap' for this option.\n (BZ#527313)\n\n - applications that use the OpenLDAP libraries to contact\n a Microsoft Active Directory server could crash when a\n large number of network interfaces existed. This update\n implements locks in the OpenLDAP library code to resolve\n this issue. (BZ#510522)\n\n - when slapd was configured to allow client certificates,\n approximately 90% of connections froze because of a\n large CA certificate file and slapd not checking the\n success of the SSL handshake. (BZ#509230)\n\n - the OpenLDAP server would freeze for unknown reasons\n under high load. These packages add support for\n accepting incoming connections by new threads, resolving\n the issue. (BZ#507276)\n\n - the compat-openldap libraries did not list dependencies\n on other libraries, causing programs that did not\n specifically specify the libraries to fail. Detection of\n the Application Binary Interface (ABI) in use on 64-bit\n systems has been added with this update. (BZ#503734)\n\n - the OpenLDAP libraries caused applications to crash due\n to an unprocessed network timeout. A timeval of -1 is\n now passed when NULL is passed to LDAP. (BZ#495701)\n\n - slapd could crash on a server under heavy load when\n using rwm overlay, caused by freeing non-allocated\n memory during operation cleanup. (BZ#495628)\n\n - the ldap init script made a temporary script in '/tmp/'\n and attempted to execute it. Problems arose when '/tmp/'\n was mounted with the noexec option. The temporary script\n is no longer created. (BZ#483356)\n\n - the ldap init script always started slapd listening on\n ldap:/// even if instructed to listen only on ldaps:///.\n By correcting the init script, a user can now select\n which ports slapd should listen on. (BZ#481003)\n\n - the slapd manual page did not mention the supported\n options -V and -o. (BZ#468206)\n\n - slapd.conf had a commented-out option to load the\n syncprov.la module. Once un-commented, slapd crashed at\n start-up because the module had already been statically\n linked to OpenLDAP. This update removes 'moduleload\n syncprov.la' from slapd.conf, which resolves this issue.\n (BZ#466937)\n\n - the migrate_automount.pl script produced output that was\n unsupported by autofs. This is corrected by updating the\n output LDIF format for automount records. (BZ#460331)\n\n - the ldap init script uses the TERM signal followed by\n the KILL signal when shutting down slapd. Minimal delay\n between the two signals could cause the LDAP database to\n become corrupted if it had not finished saving its\n state. A delay between the signals has been added via\n the 'STOP_DELAY' option in '/etc/sysconfig/ldap'.\n (BZ#452064)\n\n - the migrate_passwd.pl migration script had a problem\n when number fields contained only a zero. Such fields\n were considered to be empty, leading to the attribute\n not being set in the LDIF output. The condition in\n dump_shadow_attributes has been corrected to allow for\n the attributes to contain only a zero. (BZ#113857)\n\n - the migrate_base.pl migration script did not handle\n third level domains correctly, creating a second level\n domain that could not be held by a database with a three\n level base. This is now allowed by modifying the\n migrate_base.pl script to generate only one domain.\n (BZ#104585)", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : openldap on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100330_OPENLDAP_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60771", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60771);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3767\");\n\n script_name(english:\"Scientific Linux Security Update : openldap on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority could trick applications using OpenLDAP libraries into\naccepting it by mistake, allowing the attacker to perform a\nman-in-the-middle attack. (CVE-2009-3767)\n\nThis update also fixes the following bugs :\n\n - the ldap init script did not provide a way to alter\n system limits for the slapd daemon. A variable is now\n available in '/etc/sysconfig/ldap' for this option.\n (BZ#527313)\n\n - applications that use the OpenLDAP libraries to contact\n a Microsoft Active Directory server could crash when a\n large number of network interfaces existed. This update\n implements locks in the OpenLDAP library code to resolve\n this issue. (BZ#510522)\n\n - when slapd was configured to allow client certificates,\n approximately 90% of connections froze because of a\n large CA certificate file and slapd not checking the\n success of the SSL handshake. (BZ#509230)\n\n - the OpenLDAP server would freeze for unknown reasons\n under high load. These packages add support for\n accepting incoming connections by new threads, resolving\n the issue. (BZ#507276)\n\n - the compat-openldap libraries did not list dependencies\n on other libraries, causing programs that did not\n specifically specify the libraries to fail. Detection of\n the Application Binary Interface (ABI) in use on 64-bit\n systems has been added with this update. (BZ#503734)\n\n - the OpenLDAP libraries caused applications to crash due\n to an unprocessed network timeout. A timeval of -1 is\n now passed when NULL is passed to LDAP. (BZ#495701)\n\n - slapd could crash on a server under heavy load when\n using rwm overlay, caused by freeing non-allocated\n memory during operation cleanup. (BZ#495628)\n\n - the ldap init script made a temporary script in '/tmp/'\n and attempted to execute it. Problems arose when '/tmp/'\n was mounted with the noexec option. The temporary script\n is no longer created. (BZ#483356)\n\n - the ldap init script always started slapd listening on\n ldap:/// even if instructed to listen only on ldaps:///.\n By correcting the init script, a user can now select\n which ports slapd should listen on. (BZ#481003)\n\n - the slapd manual page did not mention the supported\n options -V and -o. (BZ#468206)\n\n - slapd.conf had a commented-out option to load the\n syncprov.la module. Once un-commented, slapd crashed at\n start-up because the module had already been statically\n linked to OpenLDAP. This update removes 'moduleload\n syncprov.la' from slapd.conf, which resolves this issue.\n (BZ#466937)\n\n - the migrate_automount.pl script produced output that was\n unsupported by autofs. This is corrected by updating the\n output LDIF format for automount records. (BZ#460331)\n\n - the ldap init script uses the TERM signal followed by\n the KILL signal when shutting down slapd. Minimal delay\n between the two signals could cause the LDAP database to\n become corrupted if it had not finished saving its\n state. A delay between the signals has been added via\n the 'STOP_DELAY' option in '/etc/sysconfig/ldap'.\n (BZ#452064)\n\n - the migrate_passwd.pl migration script had a problem\n when number fields contained only a zero. Such fields\n were considered to be empty, leading to the attribute\n not being set in the LDIF output. The condition in\n dump_shadow_attributes has been corrected to allow for\n the attributes to contain only a zero. (BZ#113857)\n\n - the migrate_base.pl migration script did not handle\n third level domains correctly, creating a second level\n domain that could not be held by a database with a three\n level base. This is now allowed by modifying the\n migrate_base.pl script to generate only one domain.\n (BZ#104585)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=104585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=113857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=452064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=460331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=466937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=468206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=481003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=483356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=507276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=509230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=510522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=527313\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1004&L=scientific-linux-errata&T=0&P=793\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1e42aa6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"compat-openldap-2.3.43_2.2.29-12.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-2.3.43-12.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-clients-2.3.43-12.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-devel-2.3.43-12.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-servers-2.3.43-12.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-servers-overlays-2.3.43-12.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-servers-sql-2.3.43-12.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:41", "description": "Fixed security issue CVE-2009-3767, F12 and 13 already contain the\nfix, since it has been fixed in openldap-2.4.18\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : openldap-2.4.15-7.fc11 (2010-0752)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openldap", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-0752.NASL", "href": "https://www.tenable.com/plugins/nessus/47195", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-0752.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47195);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3767\");\n script_bugtraq_id(36844);\n script_xref(name:\"FEDORA\", value:\"2010-0752\");\n\n script_name(english:\"Fedora 11 : openldap-2.4.15-7.fc11 (2010-0752)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixed security issue CVE-2009-3767, F12 and 13 already contain the\nfix, since it has been fixed in openldap-2.4.18\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=530715\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8bada2ff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"openldap-2.4.15-7.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:49:03", "description": "Jan Lieskovsky reports :\n\nOpenLDAP does not properly handle a '\\0' character in a domain name in\nthe subject's Common Name (CN) field of an X.509 certificate, which\nallows man-in-the-middle attackers to spoof arbitrary SSL servers via\na crafted certificate issued by a legitimate Certification Authority", "edition": 22, "published": "2014-04-16T00:00:00", "title": "FreeBSD : OpenLDAP -- incorrect handling of NULL in certificate Common Name (abad20bf-c1b4-11e3-a5ac-001b21614864)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "modified": "2014-04-16T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:openldap24-client", "p-cpe:/a:freebsd:freebsd:linux-f10-openldap"], "id": "FREEBSD_PKG_ABAD20BFC1B411E3A5AC001B21614864.NASL", "href": "https://www.tenable.com/plugins/nessus/73552", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73552);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3767\");\n\n script_name(english:\"FreeBSD : OpenLDAP -- incorrect handling of NULL in certificate Common Name (abad20bf-c1b4-11e3-a5ac-001b21614864)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jan Lieskovsky reports :\n\nOpenLDAP does not properly handle a '\\0' character in a domain name in\nthe subject's Common Name (CN) field of an X.509 certificate, which\nallows man-in-the-middle attackers to spoof arbitrary SSL servers via\na crafted certificate issued by a legitimate Certification Authority\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767\"\n );\n # https://vuxml.freebsd.org/freebsd/abad20bf-c1b4-11e3-a5ac-001b21614864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa0105ee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openldap24-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openldap24-client<2.4.18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-openldap<2.4.18\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:44:47", "description": "It was discovered that OpenLDAP did not correctly handle SSL\ncertificates with zero bytes in the Common Name. A remote attacker\ncould exploit this to perform a man in the middle attack to view\nsensitive information or alter encrypted communications.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2009-11-13T00:00:00", "title": "Ubuntu 6.06 LTS : openldap2.2 vulnerability (USN-858-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "modified": "2009-11-13T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:ldap-utils", "p-cpe:/a:canonical:ubuntu_linux:slapd", "p-cpe:/a:canonical:ubuntu_linux:libldap-2.2-7", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-858-1.NASL", "href": "https://www.tenable.com/plugins/nessus/42795", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-858-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42795);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-3767\");\n script_bugtraq_id(36844);\n script_xref(name:\"USN\", value:\"858-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS : openldap2.2 vulnerability (USN-858-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that OpenLDAP did not correctly handle SSL\ncertificates with zero bytes in the Common Name. A remote attacker\ncould exploit this to perform a man in the middle attack to view\nsensitive information or alter encrypted communications.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/858-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ldap-utils, libldap-2.2-7 and / or slapd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ldap-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap-2.2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:slapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ldap-utils\", pkgver:\"2.2.26-5ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libldap-2.2-7\", pkgver:\"2.2.26-5ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"slapd\", pkgver:\"2.2.26-5ubuntu2.9\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ldap-utils / libldap-2.2-7 / slapd\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:07:35", "description": "Updated openldap packages that fix one security issue and several bugs\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority could trick applications using OpenLDAP libraries into\naccepting it by mistake, allowing the attacker to perform a\nman-in-the-middle attack. (CVE-2009-3767)\n\nThis update also fixes the following bugs :\n\n* the ldap init script did not provide a way to alter system limits\nfor the slapd daemon. A variable is now available in\n'/etc/sysconfig/ldap' for this option. (BZ#527313)\n\n* applications that use the OpenLDAP libraries to contact a Microsoft\nActive Directory server could crash when a large number of network\ninterfaces existed. This update implements locks in the OpenLDAP\nlibrary code to resolve this issue. (BZ#510522)\n\n* when slapd was configured to allow client certificates,\napproximately 90% of connections froze because of a large CA\ncertificate file and slapd not checking the success of the SSL\nhandshake. (BZ#509230)\n\n* the OpenLDAP server would freeze for unknown reasons under high\nload. These packages add support for accepting incoming connections by\nnew threads, resolving the issue. (BZ#507276)\n\n* the compat-openldap libraries did not list dependencies on other\nlibraries, causing programs that did not specifically specify the\nlibraries to fail. Detection of the Application Binary Interface (ABI)\nin use on 64-bit systems has been added with this update. (BZ#503734)\n\n* the OpenLDAP libraries caused applications to crash due to an\nunprocessed network timeout. A timeval of -1 is now passed when NULL\nis passed to LDAP. (BZ#495701)\n\n* slapd could crash on a server under heavy load when using rwm\noverlay, caused by freeing non-allocated memory during operation\ncleanup. (BZ#495628)\n\n* the ldap init script made a temporary script in '/tmp/' and\nattempted to execute it. Problems arose when '/tmp/' was mounted with\nthe noexec option. The temporary script is no longer created.\n(BZ#483356)\n\n* the ldap init script always started slapd listening on ldap:/// even\nif instructed to listen only on ldaps:///. By correcting the init\nscript, a user can now select which ports slapd should listen on.\n(BZ#481003)\n\n* the slapd manual page did not mention the supported options -V and\n-o. (BZ#468206)\n\n* slapd.conf had a commented-out option to load the syncprov.la\nmodule. Once un-commented, slapd crashed at start-up because the\nmodule had already been statically linked to OpenLDAP. This update\nremoves 'moduleload syncprov.la' from slapd.conf, which resolves this\nissue. (BZ#466937)\n\n* the migrate_automount.pl script produced output that was unsupported\nby autofs. This is corrected by updating the output LDIF format for\nautomount records. (BZ#460331)\n\n* the ldap init script uses the TERM signal followed by the KILL\nsignal when shutting down slapd. Minimal delay between the two signals\ncould cause the LDAP database to become corrupted if it had not\nfinished saving its state. A delay between the signals has been added\nvia the 'STOP_DELAY' option in '/etc/sysconfig/ldap'. (BZ#452064)\n\n* the migrate_passwd.pl migration script had a problem when number\nfields contained only a zero. Such fields were considered to be empty,\nleading to the attribute not being set in the LDIF output. The\ncondition in dump_shadow_attributes has been corrected to allow for\nthe attributes to contain only a zero. (BZ#113857)\n\n* the migrate_base.pl migration script did not handle third level\ndomains correctly, creating a second level domain that could not be\nheld by a database with a three level base. This is now allowed by\nmodifying the migrate_base.pl script to generate only one domain.\n(BZ#104585)\n\nUsers of OpenLDAP should upgrade to these updated packages, which\nresolve these issues.", "edition": 28, "published": "2010-05-11T00:00:00", "title": "RHEL 5 : openldap (RHSA-2010:0198)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "modified": "2010-05-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql", "p-cpe:/a:redhat:enterprise_linux:openldap-servers", "p-cpe:/a:redhat:enterprise_linux:openldap", "p-cpe:/a:redhat:enterprise_linux:openldap-servers-overlays", "p-cpe:/a:redhat:enterprise_linux:openldap-devel", "p-cpe:/a:redhat:enterprise_linux:openldap-clients", "p-cpe:/a:redhat:enterprise_linux:compat-openldap"], "id": "REDHAT-RHSA-2010-0198.NASL", "href": "https://www.tenable.com/plugins/nessus/46284", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0198. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46284);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3767\");\n script_bugtraq_id(36844);\n script_xref(name:\"RHSA\", value:\"2010:0198\");\n\n script_name(english:\"RHEL 5 : openldap (RHSA-2010:0198)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap packages that fix one security issue and several bugs\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority could trick applications using OpenLDAP libraries into\naccepting it by mistake, allowing the attacker to perform a\nman-in-the-middle attack. (CVE-2009-3767)\n\nThis update also fixes the following bugs :\n\n* the ldap init script did not provide a way to alter system limits\nfor the slapd daemon. A variable is now available in\n'/etc/sysconfig/ldap' for this option. (BZ#527313)\n\n* applications that use the OpenLDAP libraries to contact a Microsoft\nActive Directory server could crash when a large number of network\ninterfaces existed. This update implements locks in the OpenLDAP\nlibrary code to resolve this issue. (BZ#510522)\n\n* when slapd was configured to allow client certificates,\napproximately 90% of connections froze because of a large CA\ncertificate file and slapd not checking the success of the SSL\nhandshake. (BZ#509230)\n\n* the OpenLDAP server would freeze for unknown reasons under high\nload. These packages add support for accepting incoming connections by\nnew threads, resolving the issue. (BZ#507276)\n\n* the compat-openldap libraries did not list dependencies on other\nlibraries, causing programs that did not specifically specify the\nlibraries to fail. Detection of the Application Binary Interface (ABI)\nin use on 64-bit systems has been added with this update. (BZ#503734)\n\n* the OpenLDAP libraries caused applications to crash due to an\nunprocessed network timeout. A timeval of -1 is now passed when NULL\nis passed to LDAP. (BZ#495701)\n\n* slapd could crash on a server under heavy load when using rwm\noverlay, caused by freeing non-allocated memory during operation\ncleanup. (BZ#495628)\n\n* the ldap init script made a temporary script in '/tmp/' and\nattempted to execute it. Problems arose when '/tmp/' was mounted with\nthe noexec option. The temporary script is no longer created.\n(BZ#483356)\n\n* the ldap init script always started slapd listening on ldap:/// even\nif instructed to listen only on ldaps:///. By correcting the init\nscript, a user can now select which ports slapd should listen on.\n(BZ#481003)\n\n* the slapd manual page did not mention the supported options -V and\n-o. (BZ#468206)\n\n* slapd.conf had a commented-out option to load the syncprov.la\nmodule. Once un-commented, slapd crashed at start-up because the\nmodule had already been statically linked to OpenLDAP. This update\nremoves 'moduleload syncprov.la' from slapd.conf, which resolves this\nissue. (BZ#466937)\n\n* the migrate_automount.pl script produced output that was unsupported\nby autofs. This is corrected by updating the output LDIF format for\nautomount records. (BZ#460331)\n\n* the ldap init script uses the TERM signal followed by the KILL\nsignal when shutting down slapd. Minimal delay between the two signals\ncould cause the LDAP database to become corrupted if it had not\nfinished saving its state. A delay between the signals has been added\nvia the 'STOP_DELAY' option in '/etc/sysconfig/ldap'. (BZ#452064)\n\n* the migrate_passwd.pl migration script had a problem when number\nfields contained only a zero. Such fields were considered to be empty,\nleading to the attribute not being set in the LDIF output. The\ncondition in dump_shadow_attributes has been corrected to allow for\nthe attributes to contain only a zero. (BZ#113857)\n\n* the migrate_base.pl migration script did not handle third level\ndomains correctly, creating a second level domain that could not be\nheld by a database with a three level base. This is now allowed by\nmodifying the migrate_base.pl script to generate only one domain.\n(BZ#104585)\n\nUsers of OpenLDAP should upgrade to these updated packages, which\nresolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0198\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers-overlays\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0198\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"compat-openldap-2.3.43_2.2.29-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openldap-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-clients-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openldap-clients-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-clients-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openldap-devel-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-servers-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openldap-servers-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-servers-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-servers-overlays-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openldap-servers-overlays-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-servers-overlays-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-servers-sql-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openldap-servers-sql-2.3.43-12.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-servers-sql-2.3.43-12.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:45:47", "description": "It was discovered that OpenLDAP, a free implementation of the\nLightweight Directory Access Protocol, when OpenSSL is used, does not\nproperly handle a '\\0' character in a domain name in the subject's\nCommon Name (CN) field of an X.509 certificate, which allows\nman-in-the-middle attackers to spoof arbitrary SSL servers via a\ncrafted certificate issued by a legitimate Certification Authority.", "edition": 27, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1943-1 : openldap openldap2.3 - insufficient input validation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767"], "modified": "2010-02-24T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openldap2.3", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:openldap"], "id": "DEBIAN_DSA-1943.NASL", "href": "https://www.tenable.com/plugins/nessus/44808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1943. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44808);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3767\");\n script_xref(name:\"DSA\", value:\"1943\");\n\n script_name(english:\"Debian DSA-1943-1 : openldap openldap2.3 - insufficient input validation\");\n script_summary(english:\"Checks dpkg output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that OpenLDAP, a free implementation of the\nLightweight Directory Access Protocol, when OpenSSL is used, does not\nproperly handle a '\\0' character in a domain name in the subject's\nCommon Name (CN) field of an X.509 certificate, which allows\nman-in-the-middle attackers to spoof arbitrary SSL servers via a\ncrafted certificate issued by a legitimate Certification Authority.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1943\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openldap2.3/openldap packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.3.30-5+etch3 for openldap2.3.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.11-1+lenny1 for openldap.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openldap2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"ldap-utils\", reference:\"2.3.30-5+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libldap-2.3-0\", reference:\"2.3.30-5+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"slapd\", reference:\"2.3.30-5+etch3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ldap-utils\", reference:\"2.4.11-1+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libldap-2.4-2\", reference:\"2.4.11-1+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libldap-2.4-2-dbg\", reference:\"2.4.11-1+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libldap2-dev\", reference:\"2.4.11-1+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"slapd\", reference:\"2.4.11-1+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"slapd-dbg\", reference:\"2.4.11-1+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:26:27", "description": "Updated openldap packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nAn uninitialized pointer use flaw was discovered in the way the slapd\ndaemon handled modify relative distinguished name (modrdn) requests.\nAn authenticated user with privileges to perform modrdn operations\ncould use this flaw to crash the slapd daemon via specially crafted\nmodrdn requests. (CVE-2010-0211)\n\nRed Hat would like to thank CERT-FI for responsibly reporting the\nCVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomaki for\nthe discovery of the issue.\n\nA flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority could trick applications using OpenLDAP libraries into\naccepting it by mistake, allowing the attacker to perform a\nman-in-the-middle attack. (CVE-2009-3767)\n\nUsers of OpenLDAP should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the OpenLDAP daemons will be restarted automatically.", "edition": 26, "published": "2010-07-22T00:00:00", "title": "CentOS 4 : openldap (CESA-2010:0543)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767", "CVE-2010-0211"], "modified": "2010-07-22T00:00:00", "cpe": ["p-cpe:/a:centos:centos:compat-openldap", "p-cpe:/a:centos:centos:openldap", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:openldap-servers-sql", "p-cpe:/a:centos:centos:openldap-servers", "p-cpe:/a:centos:centos:openldap-devel", "p-cpe:/a:centos:centos:openldap-clients"], "id": "CENTOS_RHSA-2010-0543.NASL", "href": "https://www.tenable.com/plugins/nessus/47790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0543 and \n# CentOS Errata and Security Advisory 2010:0543 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47790);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3767\", \"CVE-2010-0211\");\n script_bugtraq_id(36844, 41770);\n script_xref(name:\"RHSA\", value:\"2010:0543\");\n\n script_name(english:\"CentOS 4 : openldap (CESA-2010:0543)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nAn uninitialized pointer use flaw was discovered in the way the slapd\ndaemon handled modify relative distinguished name (modrdn) requests.\nAn authenticated user with privileges to perform modrdn operations\ncould use this flaw to crash the slapd daemon via specially crafted\nmodrdn requests. (CVE-2010-0211)\n\nRed Hat would like to thank CERT-FI for responsibly reporting the\nCVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomaki for\nthe discovery of the issue.\n\nA flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority could trick applications using OpenLDAP libraries into\naccepting it by mistake, allowing the attacker to perform a\nman-in-the-middle attack. (CVE-2009-3767)\n\nUsers of OpenLDAP should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the OpenLDAP daemons will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-July/016791.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f57350f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-July/016792.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7aadb389\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"compat-openldap-2.1.30-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"compat-openldap-2.1.30-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openldap-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openldap-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openldap-clients-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openldap-clients-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openldap-devel-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openldap-devel-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openldap-servers-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openldap-servers-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openldap-servers-sql-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openldap-servers-sql-2.2.13-12.el4_8.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:08:01", "description": "Updated openldap packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nAn uninitialized pointer use flaw was discovered in the way the slapd\ndaemon handled modify relative distinguished name (modrdn) requests.\nAn authenticated user with privileges to perform modrdn operations\ncould use this flaw to crash the slapd daemon via specially crafted\nmodrdn requests. (CVE-2010-0211)\n\nRed Hat would like to thank CERT-FI for responsibly reporting the\nCVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomaki for\nthe discovery of the issue.\n\nA flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority could trick applications using OpenLDAP libraries into\naccepting it by mistake, allowing the attacker to perform a\nman-in-the-middle attack. (CVE-2009-3767)\n\nUsers of OpenLDAP should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the OpenLDAP daemons will be restarted automatically.", "edition": 27, "published": "2010-07-28T00:00:00", "title": "RHEL 4 : openldap (RHSA-2010:0543)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767", "CVE-2010-0211"], "modified": "2010-07-28T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql", "p-cpe:/a:redhat:enterprise_linux:openldap-servers", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:openldap", "p-cpe:/a:redhat:enterprise_linux:openldap-devel", "p-cpe:/a:redhat:enterprise_linux:openldap-clients", "p-cpe:/a:redhat:enterprise_linux:compat-openldap"], "id": "REDHAT-RHSA-2010-0543.NASL", "href": "https://www.tenable.com/plugins/nessus/47878", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0543. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47878);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3767\", \"CVE-2010-0211\");\n script_bugtraq_id(36844, 41770);\n script_xref(name:\"RHSA\", value:\"2010:0543\");\n\n script_name(english:\"RHEL 4 : openldap (RHSA-2010:0543)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nAn uninitialized pointer use flaw was discovered in the way the slapd\ndaemon handled modify relative distinguished name (modrdn) requests.\nAn authenticated user with privileges to perform modrdn operations\ncould use this flaw to crash the slapd daemon via specially crafted\nmodrdn requests. (CVE-2010-0211)\n\nRed Hat would like to thank CERT-FI for responsibly reporting the\nCVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomaki for\nthe discovery of the issue.\n\nA flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority could trick applications using OpenLDAP libraries into\naccepting it by mistake, allowing the attacker to perform a\nman-in-the-middle attack. (CVE-2009-3767)\n\nUsers of OpenLDAP should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the OpenLDAP daemons will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0543\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0543\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"compat-openldap-2.1.30-12.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-2.2.13-12.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-clients-2.2.13-12.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-devel-2.2.13-12.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-servers-2.2.13-12.el4_8.3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-servers-sql-2.2.13-12.el4_8.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:33", "description": "A vulnerability was discovered and corrected in openldap :\n\nlibraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not\nproperly handle a '' (NUL) character in a domain name in the\nsubject's Common Name (CN) field of an X.509 certificate, which allows\nman-in-the-middle attackers to spoof arbitrary SSL servers via a\ncrafted certificate issued by a legitimate Certification Authority, a\nrelated issue to CVE-2009-2408 (CVE-2009-3767).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThe updated packages have been patched to correct this issue.", "edition": 26, "published": "2010-01-27T00:00:00", "title": "Mandriva Linux Security Advisory : openldap (MDVSA-2010:026)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767", "CVE-2009-2408"], "modified": "2010-01-27T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libldap2.3_0", "p-cpe:/a:mandriva:linux:openldap-clients", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2", "p-cpe:/a:mandriva:linux:libldap2.3_0-devel", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:openldap-tests", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel", "p-cpe:/a:mandriva:linux:openldap-doc", "p-cpe:/a:mandriva:linux:lib64ldap2.3_0", "p-cpe:/a:mandriva:linux:lib64ldap2.3_0-devel", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:openldap-servers", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:openldap-testprogs", "p-cpe:/a:mandriva:linux:libldap2.4_2-static-devel", "p-cpe:/a:mandriva:linux:libldap2.3_0-static-devel", "p-cpe:/a:mandriva:linux:libldap2.4_2-devel", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel", "p-cpe:/a:mandriva:linux:libldap2.4_2", "p-cpe:/a:mandriva:linux:lib64ldap2.3_0-static-devel", "p-cpe:/a:mandriva:linux:openldap"], "id": "MANDRIVA_MDVSA-2010-026.NASL", "href": "https://www.tenable.com/plugins/nessus/44321", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:026. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44321);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3767\");\n script_bugtraq_id(36844);\n script_xref(name:\"MDVSA\", value:\"2010:026\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openldap (MDVSA-2010:026)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in openldap :\n\nlibraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not\nproperly handle a '' (NUL) character in a domain name in the\nsubject's Common Name (CN) field of an X.509 certificate, which allows\nman-in-the-middle attackers to spoof arbitrary SSL servers via a\ncrafted certificate issued by a legitimate Certification Authority, a\nrelated issue to CVE-2009-2408 (CVE-2009-3767).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-testprogs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-devel-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-static-devel-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libldap2.3_0-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libldap2.3_0-devel-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libldap2.3_0-static-devel-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-clients-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-doc-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-servers-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-testprogs-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-tests-2.3.38-3.4mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-devel-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-static-devel-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libldap2.4_2-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libldap2.4_2-devel-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libldap2.4_2-static-devel-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-clients-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-doc-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-servers-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-testprogs-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"openldap-tests-2.4.11-3.2mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-devel-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-static-devel-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libldap2.4_2-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libldap2.4_2-devel-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libldap2.4_2-static-devel-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-clients-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-doc-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-servers-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-testprogs-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"openldap-tests-2.4.16-1.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:45:12", "description": "From Red Hat Security Advisory 2010:0543 :\n\nUpdated openldap packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nAn uninitialized pointer use flaw was discovered in the way the slapd\ndaemon handled modify relative distinguished name (modrdn) requests.\nAn authenticated user with privileges to perform modrdn operations\ncould use this flaw to crash the slapd daemon via specially crafted\nmodrdn requests. (CVE-2010-0211)\n\nRed Hat would like to thank CERT-FI for responsibly reporting the\nCVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomaki for\nthe discovery of the issue.\n\nA flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority could trick applications using OpenLDAP libraries into\naccepting it by mistake, allowing the attacker to perform a\nman-in-the-middle attack. (CVE-2009-3767)\n\nUsers of OpenLDAP should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the OpenLDAP daemons will be restarted automatically.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : openldap (ELSA-2010-0543)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3767", "CVE-2010-0211"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openldap", "p-cpe:/a:oracle:linux:openldap-servers", "p-cpe:/a:oracle:linux:openldap-clients", "p-cpe:/a:oracle:linux:openldap-devel", "p-cpe:/a:oracle:linux:openldap-servers-sql", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:compat-openldap"], "id": "ORACLELINUX_ELSA-2010-0543.NASL", "href": "https://www.tenable.com/plugins/nessus/68065", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0543 and \n# Oracle Linux Security Advisory ELSA-2010-0543 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68065);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3767\", \"CVE-2010-0211\");\n script_bugtraq_id(36844, 41770);\n script_xref(name:\"RHSA\", value:\"2010:0543\");\n\n script_name(english:\"Oracle Linux 4 : openldap (ELSA-2010-0543)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0543 :\n\nUpdated openldap packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nAn uninitialized pointer use flaw was discovered in the way the slapd\ndaemon handled modify relative distinguished name (modrdn) requests.\nAn authenticated user with privileges to perform modrdn operations\ncould use this flaw to crash the slapd daemon via specially crafted\nmodrdn requests. (CVE-2010-0211)\n\nRed Hat would like to thank CERT-FI for responsibly reporting the\nCVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomaki for\nthe discovery of the issue.\n\nA flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority could trick applications using OpenLDAP libraries into\naccepting it by mistake, allowing the attacker to perform a\nman-in-the-middle attack. (CVE-2009-3767)\n\nUsers of OpenLDAP should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the OpenLDAP daemons will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001543.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"compat-openldap-2.1.30-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openldap-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openldap-clients-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openldap-devel-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openldap-servers-2.2.13-12.el4_8.3\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openldap-servers-sql-2.2.13-12.el4_8.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-10-15T13:25:25", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3767"], "description": "It was discovered that OpenLDAP did not correctly handle SSL certificates \nwith zero bytes in the Common Name. A remote attacker could exploit this to \nperform a man in the middle attack to view sensitive information or alter \nencrypted communications.", "edition": 6, "modified": "2009-11-12T00:00:00", "published": "2009-11-12T00:00:00", "id": "USN-858-1", "href": "https://ubuntu.com/security/notices/USN-858-1", "title": "OpenLDAP vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2020-10-15T13:08:44", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3767"], "description": "\nJan Lieskovsky reports:\n\nOpenLDAP does not properly handle a '\\0' character in a domain name\n\t in the subject's Common Name (CN) field of an X.509 certificate,\n\t which allows man-in-the-middle attackers to spoof arbitrary SSL\n\t servers via a crafted certificate issued by a legitimate\n\t Certification Authority\n\n", "edition": 5, "modified": "2009-08-07T00:00:00", "published": "2009-08-07T00:00:00", "id": "ABAD20BF-C1B4-11E3-A5AC-001B21614864", "href": "https://vuxml.freebsd.org/freebsd/abad20bf-c1b4-11e3-a5ac-001b21614864.html", "title": "OpenLDAP -- incorrect handling of NULL in certificate Common Name", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:34", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3767"], "description": "[2.3.43-12]\n- updated spec file, so the compat-libs linking patch applies\n correctly\n[2.3.43-11]\n- backported patch to handle null character in TLS\n certificates (#560912)\n[2.3.43-10]\n- updated chase-referral patch to compile cleanly\n- updated init script (#562714)\n[2.3.43-9]\n- updated ldap.sysconf to include SLAPD_LDAP, SLAPD_LDAPS and\n SLAPD_LDAPI options (#559520)\n[2.3.43-8]\n- fixed connection freeze when TLSVerifyClient = allow (#509230)\n[2.3.43-7]\n- fixed chasing referrals in libldap (#510522)\n[2.3.43-6]\n- fixed possible double free() in rwm overlay (#495628)\n- updated slapd man page and slapcat usage string (#468206)\n- updated default config for slapd - deleted syncprov module (#466937)\n- fixed migration tools autofs generated format (#460331)\n- fixed migration tools numbers detection in /etc/shadow (#113857)\n- fixed migration tools base ldif (#104585)\n[2.3.43-5]\n- implementation of limit adjustment before starting slapd (#527313)\n- init script no longer executes script in /tmp (#483356)\n- slapd not starting with ldap:/// every time (#481003)\n- delay between TERM and KILL when shutting down slapd (#452064)\n[2.3.43-4]\n- fixed compat libs linking (#503734)\n- activated lightweight dispatcher feature (#507276)\n- detection of timeout after failed result (#495701", "modified": "2010-04-05T00:00:00", "published": "2010-04-05T00:00:00", "id": "ELSA-2010-0198", "href": "http://linux.oracle.com/errata/ELSA-2010-0198.html", "type": "oraclelinux", "title": "openldap security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3767", "CVE-2010-0211"], "description": "[2.2.13-12.3]\n- fixed modrdn segfault issues (#606399)\n- fixed handling of null character when using TLS (#606399, patches for both\n main and compat library backported by Jan Vcelak \n) ", "modified": "2010-07-20T00:00:00", "published": "2010-07-20T00:00:00", "id": "ELSA-2010-0543", "href": "http://linux.oracle.com/errata/ELSA-2010-0543.html", "type": "oraclelinux", "title": "openldap security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3767"], "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. ", "modified": "2010-03-02T01:03:33", "published": "2010-03-02T01:03:33", "id": "FEDORA:0AF8111121D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: openldap-2.4.15-7.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2021-06-08T22:33:42", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3767"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1943 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nDecember 02, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\n\nPackages : openldap openldap2.3\nVulnerability : insufficient input validation\nProblem type : remote\nDebian-specific: no\nDebian bug : 553432\nCVE ID : CVE-2009-3767\n\nIt was discovered that OpenLDAP, a free implementation of the Lightweight\nDirectory Access Protocol, when OpenSSL is used, does not properly handle a '\\0'\ncharacter in a domain name in the subject's Common Name (CN) field of an X.509\ncertificate, which allows man-in-the-middle attackers to spoof arbitrary SSL\nservers via a crafted certificate issued by a legitimate Certification Authority.\n\nFor the oldstable distribution (etch), this problem has been fixed in version\n2.3.30-5+etch3 for openldap2.3.\n\nFor the stable distribution (lenny), this problem has been fixed in version\n2.4.11-1+lenny1 for openldap.\n\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 2.4.17-2.1 for openldap.\n\n\nWe recommend that you upgrade your openldap2.3/openldap packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips,\nmipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz\n Size/MD5 checksum: 2971126 c40bcc23fa65908b8d7a86a4a6061251\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.dsc\n Size/MD5 checksum: 1214 36efc1cf2a98c54d4b1da0910e273843\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.diff.gz\n Size/MD5 checksum: 315058 310ce752b78ff3227d78dcd8c1bd60a5\n\nalpha architecture (DEC Alpha)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_alpha.deb\n Size/MD5 checksum: 293108 2172048d5f8b8b7f379b3414fc5c2e37\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_alpha.deb\n Size/MD5 checksum: 1280772 ab65f162a40607c1787f9b03783a7563\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_alpha.deb\n Size/MD5 checksum: 193768 602a6da790648dd8b0af7d9f386b5c6e\n\namd64 architecture (AMD x86_64 (AMD64))\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_amd64.deb\n Size/MD5 checksum: 285554 42480b47018eb1d70b9e62d05b925a5b\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_amd64.deb\n Size/MD5 checksum: 1244570 b88256f8259516b09c51f166ff6b4aea\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_amd64.deb\n Size/MD5 checksum: 184652 716cc53985a031d1fe03fede778d6ae5\n\narm architecture (ARM)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_arm.deb\n Size/MD5 checksum: 1190314 8686c6a9a9240e6113f92c8bb20d7e1a\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_arm.deb\n Size/MD5 checksum: 254828 49d9c9a250fb4a5a828de5791ee92380\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_arm.deb\n Size/MD5 checksum: 155876 bb45d3104fe4b9811fdb3063da42d3b1\n\nhppa architecture (HP PA RISC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_hppa.deb\n Size/MD5 checksum: 1307146 698d7416e4cc544522ce2e25ac9c0fce\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_hppa.deb\n Size/MD5 checksum: 292798 eb9d6d19560a1153cc58ccae3f354a4e\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_hppa.deb\n Size/MD5 checksum: 182568 caade74265ee9d7b8ac77c844c23b413\n\ni386 architecture (Intel ia32)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_i386.deb\n Size/MD5 checksum: 1177552 f3ccf11b82474593af5e30a272f9edb9\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_i386.deb\n Size/MD5 checksum: 148744 168e58797e74f9b3b6d3c337b6369ca7\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_i386.deb\n Size/MD5 checksum: 266538 3be52b8402d06913624a3e808be58ecb\n\nia64 architecture (Intel ia64)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_ia64.deb\n Size/MD5 checksum: 239248 78d1537b3a106824ff5d076e828a0312\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_ia64.deb\n Size/MD5 checksum: 379904 dbc96e1a44dce4bb5f79b9c043823293\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_ia64.deb\n Size/MD5 checksum: 1660854 fcc2873ffd50e45c956d9bcc81d83c51\n\nmips architecture (MIPS (Big Endian))\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mips.deb\n Size/MD5 checksum: 258210 298f5a83a1efd8c035644fd58df21f2c\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mips.deb\n Size/MD5 checksum: 185598 b6c67ee072f2de03820e7ce11edb39c3\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mips.deb\n Size/MD5 checksum: 1205768 3f312958af5ea129384513e5fab72208\n\nmipsel architecture (MIPS (Little Endian))\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mipsel.deb\n Size/MD5 checksum: 258852 d7ba57787989e3fb5035fce34b04965d\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mipsel.deb\n Size/MD5 checksum: 187100 46910e3923926ac060c13a7a53f8cac4\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mipsel.deb\n Size/MD5 checksum: 1188878 5698884b42d7206c2b0c134602861354\n\npowerpc architecture (PowerPC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_powerpc.deb\n Size/MD5 checksum: 188914 e03855167b8e13bdb72e47baa9644f86\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_powerpc.deb\n Size/MD5 checksum: 272378 f5741b7ac8f4172e7481f5c2e699231b\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_powerpc.deb\n Size/MD5 checksum: 1243754 2a8b933e956e5ac4bc29028688bb09ec\n\ns390 architecture (IBM S/390)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_s390.deb\n Size/MD5 checksum: 291822 6b47ac5b7fbc269c1973c494d5dadbc2\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_s390.deb\n Size/MD5 checksum: 168716 f72b023d98d61565c624f7acbf953baf\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_s390.deb\n Size/MD5 checksum: 1241532 0167eb506b063de5435181f40c6cf809\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_sparc.deb\n Size/MD5 checksum: 1177712 770a58d0c60ad11e5ca4cf25159fe2c7\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_sparc.deb\n Size/MD5 checksum: 153682 d8bf20f2a94456451d4ea29d3237d280\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_sparc.deb\n Size/MD5 checksum: 258560 4bfd77d56852608813f158ecfd91b42b\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,\nmips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.diff.gz\n Size/MD5 checksum: 148075 024b717169f42734ee5650ebe2978631\n\nhttp://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.dsc\n Size/MD5 checksum: 1831 ca4cb86b4847a59f95275ff2f4d0e173\n\nhttp://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11.orig.tar.gz\n Size/MD5 checksum: 4193523 d4e8669e2c9b8d981e371e97e3cf92d9\n\nalpha architecture (DEC Alpha)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 3624752 5b4e467360ecd8cc897b03b5aca57dad\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 205526 3b083869976ab4d8d8df69d27fe9480e\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 280526 4ed333757fef7e98d89c5edda6589b04\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 1537448 98d6aeab748560a491e0b526d930fc0c\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 1013148 cc656603f7ae0eacc2b3c22dd1fae967\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 285128 e526e547a4af2c13bf3ae90dfdf023a2\n\namd64 architecture (AMD x86_64 (AMD64))\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 1493300 31c077d63cc2ff159927939cadb29808\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 299612 e148216f77a9136adb19acd8df026d6d\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 267470 f903f46433faa1d2b6b203e50aaed3d8\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 881074 de337737dd93af0b81bd90e3c6f23377\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 3664994 8ad4581bd54e1ed7a8f3c1c8bf210c17\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 204896 c0dba3b62aa14392d29f831d6c87206d\n\narm architecture (ARM)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 280140 ccaed923684d35304f50f27fc6b868b3\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 248918 a08cf9fd18ce8806be437c364179c2b3\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 877400 614df898211cc5311a62159f6ee21b93\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 1405962 5e1e62d6f0a5984486fa2eaa478eab38\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 180520 96b5fe5d50b9a1d59eb5ab03489a1b90\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 3572646 a8e804a9e966a57306a9229acd11ff80\n\nhppa architecture (HP PA RISC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 1533292 8d5c2d83596b10c9d3ee7a4dcb692026\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 3619256 2ad8452962291b553fadc8bb6398f834\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 200874 27205d8a86701cb133f7507eeef5e76a\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 283816 1163f67e39b08c10cf492b24bd526f24\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 264158 905749f1e385f9d93c2358b05dc42dfb\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 999386 6a071952604a9c30483fca7f3a3754ec\n\ni386 architecture (Intel ia32)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 189442 879dac84b581979646c49bde9743c630\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 286808 2dcb4f8e5514d9e4d9072b4853da322d\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 892068 449ba5d6037617e4e93dfd6bcb093549\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 3560322 c6a6fbc66944bd05585c1065ab012c93\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 244952 5a5b31ebb9098059e62eb57d209a6846\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 1404266 a3bffb93ec3b0d0d130a6a7e29091a9b\n\nia64 architecture (Intel ia64)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 3589108 d34afb06a3b21ad7267ef5d31b6ad322\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 932026 1194a002673f8a73cf382c2333c7882b\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 352020 e40c570396514fee0c6eee3920be2607\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 269084 1720388cc8102f33122375034a703a05\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 259018 658248f4329555e81896800709302575\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 2006532 6ad20563d8999759f32445576fd69856\n\nmips architecture (MIPS (Big Endian))\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 3712752 8d48a2797c1f4e6b5dea203698e4b31c\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 180956 88613b463fcdba79539048ce681d4f5e\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 260240 f6fa5402a6fc03aef4b87735030969c5\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 854756 76ad64ab6fe85c5bfc654266101e024a\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 1394436 4930b2b56c642182c8ccd69d5bc53685\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 302106 3672bab4d2c0c037a1d9c0a61fa16139\n\npowerpc architecture (PowerPC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 3718584 7b120292ce66e7ea85b3ad623da0bb4e\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 295146 f131ea5cdbab25c2416ff06f6697bc08\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 199248 c683d506deb5fadabea906c9dec36c9f\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 1536614 b5c37ae6f72127bdf6910100edeb06e5\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 907106 6af4614c092e6ccda8580e6a73cb8728\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 284952 b75e2ddab46ddab036ef40b21cec63ee\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 872178 a7739e034d0df26a69e0cb569802d594\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 249022 334ecf73608e20ec6cff79716cf10fde\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 1387990 4935db487abd61e04adb3a846ed7aadc\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 260980 006fdd6b90293fdf1331442ccabde568\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 182822 73c3edfab6b52e772ed36c990c13f210\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 3502906 c19b8875ae915cec344bb74a5e462e44\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n\n", "edition": 10, "modified": "2009-12-02T21:46:03", "published": "2009-12-02T21:46:03", "id": "DEBIAN:DSA-1943-1:4209E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00266.html", "title": "[SECURITY] [DSA 1943-1] New openldap2.3/openldap packages fix SSL certificate verification weakness", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "centos": [{"lastseen": "2020-10-15T13:04:29", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3767", "CVE-2010-0211"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0543\n\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nAn uninitialized pointer use flaw was discovered in the way the slapd\ndaemon handled modify relative distinguished name (modrdn) requests. An\nauthenticated user with privileges to perform modrdn operations could use\nthis flaw to crash the slapd daemon via specially-crafted modrdn requests.\n(CVE-2010-0211)\n\nRed Hat would like to thank CERT-FI for responsibly reporting the\nCVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salom\u00e4ki for the\ndiscovery of the issue.\n\nA flaw was found in the way OpenLDAP handled NUL characters in the\nCommonName field of X.509 certificates. An attacker able to get a\ncarefully-crafted certificate signed by a trusted Certificate Authority\ncould trick applications using OpenLDAP libraries into accepting it by\nmistake, allowing the attacker to perform a man-in-the-middle attack.\n(CVE-2009-3767)\n\nUsers of OpenLDAP should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. After installing this update,\nthe OpenLDAP daemons will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/028829.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/028830.html\n\n**Affected packages:**\ncompat-openldap\nopenldap\nopenldap-clients\nopenldap-devel\nopenldap-servers\nopenldap-servers-sql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0543.html", "edition": 4, "modified": "2010-07-21T19:15:25", "published": "2010-07-21T19:15:25", "href": "http://lists.centos.org/pipermail/centos-announce/2010-July/028829.html", "id": "CESA-2010:0543", "title": "compat, openldap security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "vmware": [{"lastseen": "2021-06-08T18:38:42", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3767", "CVE-2009-2409", "CVE-2010-0826", "CVE-2009-3245", "CVE-2009-3555", "CVE-2010-0734", "CVE-2010-0433", "CVE-2010-1646"], "description": "a. Service Console update for NSS_db \n \nThe service console package NSS_db is updated to version nss_db-2.2-35.4.el5_5. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0826 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 5, "modified": "2010-11-16T00:00:00", "published": "2010-09-30T00:00:00", "id": "VMSA-2010-0015", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0015.html", "title": "VMware ESX third party updates for Service Console", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:35", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2668", "CVE-2009-3767", "CVE-2011-4079", "CVE-2011-1024", "CVE-2010-0212", "CVE-2011-1081", "CVE-2012-1164", "CVE-2011-1025", "CVE-2010-0211"], "edition": 1, "description": "### Background\n\nOpenLDAP is an LDAP suite of application and development tools.\n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, bypass security restrictions or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenLDAP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-nds/openldap-2.4.35\"", "modified": "2014-06-30T00:00:00", "published": "2014-06-30T00:00:00", "id": "GLSA-201406-36", "href": "https://security.gentoo.org/glsa/201406-36", "type": "gentoo", "title": "OpenLDAP: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}