Lucene search
Debian: Security Advisory (DSA-1541-1)
🗓️ 21 Apr 2008 00:00:00Reported by Copyright (C) 2008 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 10 Views
The remote host is missing an update for the Debian 'openldap2.3' package(s) announced via the DSA-1541-1 advisory. Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol
Show more
| Reporter | Title | Published | Views | Family All 125 |
|---|---|---|---|---|
| Debian Security Advisory DSA 1541-1 (openldap2.3) | 21 Apr 200800:00 | – | openvas |
| Mandriva Update for openldap MDVSA-2008:058 (openldap) | 9 Apr 200900:00 | – | openvas |
| Mandriva Update for openldap MDVSA-2008:058 (openldap) | 9 Apr 200900:00 | – | openvas |
| Gentoo Security Advisory GLSA 200803-28 (openldap) | 24 Sep 200800:00 | – | openvas |
| Gentoo Security Advisory GLSA 200803-28 (openldap) | 24 Sep 200800:00 | – | openvas |
| Ubuntu Update for openldap vulnerabilities USN-551-1 | 23 Mar 200900:00 | – | openvas |
| Fedora Update for openldap FEDORA-2007-3124 | 27 Feb 200900:00 | – | openvas |
| Fedora Update for openldap FEDORA-2007-2796 | 27 Feb 200900:00 | – | openvas |
| FreeBSD Ports: openldap-server | 4 Sep 200800:00 | – | openvas |
| Fedora Update for openldap FEDORA-2007-2796 | 27 Feb 200900:00 | – | openvas |
10
| Source | Link |
|---|---|
| debian | www.debian.org/security/2008/DSA-1541-1 |
| security-tracker | www.security-tracker.debian.org/tracker/DSA-1541 |
# SPDX-FileCopyrightText: 2008 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.60787");
script_cve_id("CVE-2007-5707", "CVE-2007-5708", "CVE-2007-6698", "CVE-2008-0658");
script_tag(name:"creation_date", value:"2008-04-21 18:40:14 +0000 (Mon, 21 Apr 2008)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"7.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_name("Debian: Security Advisory (DSA-1541-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB4");
script_xref(name:"Advisory-ID", value:"DSA-1541-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2008/DSA-1541-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-1541");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'openldap2.3' package(s) announced via the DSA-1541-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-5707
Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requests.
CVE-2007-5708
Toby Blade discovered that incorrect memory handling in slapo-pcache could lead to denial of service through crafted search requests.
CVE-2007-6698
It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modify requests.
CVE-2008-0658
It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modrdn requests.
For the stable distribution (etch), these problems have been fixed in version 2.3.30-5+etch1.
For the unstable distribution (sid), these problems have been fixed in version 2.4.7-6.1.
We recommend that you upgrade your openldap2.3 packages.");
script_tag(name:"affected", value:"'openldap2.3' package(s) on Debian 4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB4") {
if(!isnull(res = isdpkgvuln(pkg:"ldap-utils", ver:"2.3.30-5+etch1", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libldap-2.3-0", ver:"2.3.30-5+etch1", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"slapd", ver:"2.3.30-5+etch1", rls:"DEB4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo21 Apr 2008 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS27.1
EPSS0.06446