ID OPENVAS:1361412562310870173 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2018-04-06T00:00:00
Description
Check for the Version of nss_ldap
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for nss_ldap RHSA-2008:0389-02
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# NOTE(review): nothing in the visible script is obviously supplied by
# revisions-lib.inc - confirm whether this include is still required.
include("revisions-lib.inc");
# Advisory text that the description block publishes as the "insight" tag.
# The security fix is the nss_ldap race condition (CVE-2007-5794), where a
# lookup for one user can be answered with another user's data. The bullets
# after it are ordinary bug fixes, and the text is cut off at the end.
# NOTE(review): as rendered here the text contains bare double quotes (around
# ldap, host, uri, port, ...), which would end a double-quoted NASL string
# early. Presumably the upstream file carries them in an encoded form such as
# &quot; - confirm against the original .nasl before reusing this listing.
tag_insight = "The nss_ldap package contains the nss_ldap and pam_ldap modules. The
nss_ldap module is a plug-in which allows applications to retrieve
information about users and groups from a directory server. The pam_ldap
module allows PAM-aware applications to use a directory server to verify
user passwords.
A race condition was discovered in nss_ldap which affected certain
applications which make LDAP connections, such as Dovecot. This could cause
nss_ldap to answer a request for information about one user with
information about a different user. (CVE-2007-5794)
In addition, these updated packages fix the following bugs:
* a build error prevented the nss_ldap module from being able to use DNS to
discover the location of a directory server. For example, when the
/etc/nsswitch.conf configuration file was configured to use "ldap", but no
"host" or "uri" option was configured in the /etc/ldap.conf configuration
file, no directory server was contacted, and no results were returned.
* the "port" option in the /etc/ldap.conf configuration file on client
machines was ignored. For example, if a directory server which you were
attempting to use was listening on a non-default port (i.e. not ports 389
or 636), it was only possible to use that directory server by including the
port number in the "uri" option. In this updated package, the "port" option
works as expected.
* pam_ldap failed to change an expired password if it had to follow a
referral to do so, which could occur, for example, when using a slave
directory server in a replicated environment. An error such as the
following occurred after entering a new password: "LDAP password
information update failed: Can't contact LDAP server Insufficient 'write'
privilege to the 'userPassword' attribute"
This has been resolved in this updated package.
* when the "pam_password exop_send_old" password-change method was
configured in the /etc/ldap.conf configuration file, a logic error in the
pam_ldap module caused client machines to attempt to change a user's
password twice. First, the pam_ldap module attempted to change the password
using the "exop" request, and then again using an LDAP modify request.
* on Red Hat Enterprise Linux 5.1, rebuilding nss_ldap-253-5.el5 when the
krb5-*-1.6.1-17.el5 packages were installed failed due to an error such as
the following:
+ /builddir/build/SOURCES/dlopen.sh ./nss_ldap-253/nss_ldap.so
dlopen() of "././nss_l ...
Description truncated, for more information please check the Reference URL";
# Scope of the advisory: only RHEL 5 server is named, matching the single
# RHENT_5 branch of the package check further down.
tag_affected = "nss_ldap on Red Hat Enterprise Linux (v. 5 server)";
# Remediation is the vendor package update; the check below compares the
# installed packages against build 253-12.el5.
tag_solution = "Please Install the Updated Packages.";
# Metadata branch: when `description` is set (presumably the scanner's
# metadata-collection pass) the script only declares itself and leaves through
# exit(0), so none of the package checks below run in that mode.
if(description)
{
  # Identity, vendor advisory reference and revision stamps.
  script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2008-May/msg00022.html");
  script_oid("1.3.6.1.4.1.25623.1.0.870173");
  script_version("$Revision: 9370 $");
  script_tag(name:"last_modification", value:"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $");
  script_tag(name:"creation_date", value:"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)");

  # Severity: CVSS v2 base 4.3. The vector is network-reachable, medium
  # complexity, no authentication, partial confidentiality impact only.
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_xref(name:"RHSA", value:"2008:0389-02");
  script_cve_id("CVE-2007-5794");
  script_name("RedHat Update for nss_ldap RHSA-2008:0389-02");

  script_tag(name:"summary", value:"Check for the Version of nss_ldap");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");

  # Prerequisites: the check needs the RHEL login and rpm-list KB entries,
  # presumably filled by gather-package-list.nasl over an authenticated SSH
  # session. When they are missing, the absence of a finding says nothing
  # about whether the host is patched.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");

  # Report texts are taken from the tag_* variables assigned above.
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"insight", value:tag_insight);

  # qod_type "package": the result rests on the installed package version,
  # not on probing the running service.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}
# Host check: compare the installed nss_ldap packages with the fixed build
# named in RHSA-2008:0389-02. isrpmvuln and __pkg_match are not defined in this
# file; presumably both come from pkg-lib-rpm.inc.
include("pkg-lib-rpm.inc");

res = "";
release = get_kb_item("ssh/login/release");

# No release string in the KB: nothing can be compared, so leave without a
# result. This is "not checked", not "not vulnerable".
if(release == NULL)
  exit(0);

# Only RHENT_5 is handled. Any other release falls through to the end of the
# script and likewise produces no result.
if(release == "RHENT_5")
{
  # The rpm: argument appears to name the fixed build (253-12.el5) in the
  # library's ~-separated form. A non-NULL return is passed on as the report
  # text of the finding.
  res = isrpmvuln(pkg:"nss_ldap", rpm:"nss_ldap~253~12.el5", rls:"RHENT_5");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # The debuginfo package is checked the same way, against the same build.
  res = isrpmvuln(pkg:"nss_ldap-debuginfo", rpm:"nss_ldap-debuginfo~253~12.el5", rls:"RHENT_5");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # exit(99) is reserved for the case where __pkg_match is set and neither
  # comparison flagged an outdated package.
  if(__pkg_match)
    exit(99); # Not vulnerable.
  exit(0);
}
{"id": "OPENVAS:1361412562310870173", "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Update for nss_ldap RHSA-2008:0389-02", "description": "Check for the Version of nss_ldap", "published": "2009-03-06T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 4.3}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870173", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2008:0389-02", "https://www.redhat.com/archives/rhsa-announce/2008-May/msg00022.html"], "cvelist": ["CVE-2007-5794"], "lastseen": "2018-04-09T11:41:58", "viewCount": 0, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2018-04-09T11:41:58", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-5794"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830734", "OPENVAS:830734", "OPENVAS:1361412562310122584", "OPENVAS:59641", "OPENVAS:60009", "OPENVAS:870173", "OPENVAS:65416", "OPENVAS:1361412562310870137", "OPENVAS:870137", "OPENVAS:136141256231065416"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8377", "SECURITYVULNS:DOC:18502"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1430-1:B66E7"]}, {"type": "redhat", "idList": ["RHSA-2008:0715", "RHSA-2008:0389"]}, {"type": "nessus", "idList": ["SUSE_NSS_LDAP-4773.NASL", "SUSE_NSS_LDAP-4781.NASL", "DEBIAN_DSA-1430.NASL", "MANDRIVA_MDVSA-2008-049.NASL", "SL_20080724_NSS_LDAP_ON_SL4_X.NASL", "REDHAT-RHSA-2008-0389.NASL", "REDHAT-RHSA-2008-0715.NASL", "SL_20080521_NSS_LDAP_ON_SL5_X.NASL", "GENTOO_GLSA-200711-33.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0715", "ELSA-2008-0389"]}, {"type": "gentoo", "idList": ["GLSA-200711-33"]}, {"type": "seebug", "idList": ["SSV:2433"]}], "modified": "2018-04-09T11:41:58", "rev": 2}, "vulnersScore": 6.2}, "pluginID": "1361412562310870173", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss_ldap RHSA-2008:0389-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The nss_ldap package contains the nss_ldap and pam_ldap modules. The\n nss_ldap module is a plug-in which allows applications to retrieve\n information about users and groups from a directory server. The pam_ldap\n module allows PAM-aware applications to use a directory server to verify\n user passwords.\n\n A race condition was discovered in nss_ldap which affected certain\n applications which make LDAP connections, such as Dovecot. This could cause\n nss_ldap to answer a request for information about one user with\n information about a different user. (CVE-2007-5794)\n \n In addition, these updated packages fix the following bugs:\n \n * a build error prevented the nss_ldap module from being able to use DNS to\n discover the location of a directory server. 
For example, when the\n /etc/nsswitch.conf configuration file was configured to use "ldap", but no\n "host" or "uri" option was configured in the /etc/ldap.conf configuration\n file, no directory server was contacted, and no results were returned.\n \n * the "port" option in the /etc/ldap.conf configuration file on client\n machines was ignored. For example, if a directory server which you were\n attempting to use was listening on a non-default port (i.e. not ports 389\n or 636), it was only possible to use that directory server by including the\n port number in the "uri" option. In this updated package, the "port" option\n works as expected.\n \n * pam_ldap failed to change an expired password if it had to follow a\n referral to do so, which could occur, for example, when using a slave\n directory server in a replicated environment. An error such as the\n following occurred after entering a new password: "LDAP password\n information update failed: Can't contact LDAP server Insufficient 'write'\n privilege to the 'userPassword' attribute"\n \n This has been resolved in this updated package.\n \n * when the "pam_password exop_send_old" password-change method was\n configured in the /etc/ldap.conf configuration file, a logic error in the\n pam_ldap module caused client machines to attempt to change a user's\n password twice. First, the pam_ldap module attempted to change the password\n using the "exop" request, and then again using an LDAP modify request.\n \n * on Red Hat Enterprise Linux 5.1, rebuilding nss_ldap-253-5.el5 when the\n krb5-*-1.6.1-17.el5 packages were installed failed due to an error such as\n the following:\n \n \t+ /builddir/build/SOURCES/dlopen.sh ./nss_ldap-253/nss_ldap.so\n \tdlopen() of "././nss_l ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"nss_ldap on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-May/msg00022.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870173\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2008:0389-02\");\n script_cve_id(\"CVE-2007-5794\");\n script_name( \"RedHat Update for nss_ldap RHSA-2008:0389-02\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of nss_ldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss_ldap\", rpm:\"nss_ldap~253~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_ldap-debuginfo\", rpm:\"nss_ldap-debuginfo~253~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", 
"naslFamily": "Red Hat Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:31:27", "description": "Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.", "edition": 4, "cvss3": {}, "published": "2007-11-13T23:46:00", "title": "CVE-2007-5794", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5794"], "modified": "2018-10-15T21:46:00", "cpe": ["cpe:/a:nss_ldap:nss_ldap:*"], "id": "CVE-2007-5794", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5794", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:nss_ldap:nss_ldap:*:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-27T10:56:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "description": "Check for the Version of nss_ldap", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870137", "href": "http://plugins.openvas.org/nasl.php?oid=870137", "type": "openvas", "title": "RedHat Update for nss_ldap RHSA-2008:0715-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss_ldap RHSA-2008:0715-01\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The nss_ldap package contains the nss_ldap and pam_ldap modules. The\n nss_ldap module is a plug-in which allows applications to retrieve\n information about users and groups from a directory server. The pam_ldap\n module allows PAM-aware applications to use a directory server to verify\n user passwords.\n\n A race condition was discovered in nss_ldap, which affected certain\n applications that make LDAP connections, such as Dovecot. This could cause\n nss_ldap to answer a request for information about one user with the\n information about a different user. (CVE-2007-5794)\n \n As well, this updated package fixes the following bugs:\n \n * in certain situations, on Itanium(R) architectures, when an application\n performed an LDAP lookup for a highly populated group, for example,\n containing more than 150 members, the application crashed, or may have\n caused a segmentation fault. 
As well, this issue may have caused commands,\n such as "ls", to return a "ber_free_buf: Assertion" error.\n \n * when an application enumerated members of a netgroup, the nss_ldap\n module returned a successful status result and the netgroup name, even\n when the netgroup did not exist. This behavior was not consistent with\n other modules. In this updated package, nss_ldap no longer returns a\n successful status when the netgroup does not exist.\n \n * in master and slave server environments, with systems that were\n configured to use a read-only directory server, if user log in attempts\n were denied because their passwords had expired, and users attempted to\n immediately change their passwords, the replication server returned an LDAP\n referral, instructing the pam_ldap module to resissue its request to a\n different server; however, the pam_ldap module failed to do so. In these\n situations, an error such as the following occurred:\n \n LDAP password information update failed: Can't contact LDAP server\n Insufficient 'write' privilege to the 'userPassword' attribute of entry\n [entry]\n \n In this updated package, password changes are allowed when binding against\n a slave server, which resolves this issue.\n \n * when a system used a directory server for naming information, and\n "nss_initgroups_ignoreusers root" was configured in "/etc/ldap.conf",\n dbus-daemon-1 would hang. Running the "service messagebus start" command\n did not start the service, and it did not fail, which would stop the boot\n process if it was not cancelled.\n \n As well, this u ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"nss_ldap on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-July/msg00032.html\");\n script_id(870137);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2008:0715-01\");\n script_cve_id(\"CVE-2007-5794\");\n script_name( \"RedHat Update for nss_ldap RHSA-2008:0715-01\");\n\n script_summary(\"Check for the Version of nss_ldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss_ldap\", rpm:\"nss_ldap~253~5.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_ldap-debuginfo\", 
rpm:\"nss_ldap-debuginfo~253~5.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-09T11:41:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "description": "Check for the Version of nss_ldap", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870137", "type": "openvas", "title": "RedHat Update for nss_ldap RHSA-2008:0715-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss_ldap RHSA-2008:0715-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The nss_ldap package contains the nss_ldap and pam_ldap modules. The\n nss_ldap module is a plug-in which allows applications to retrieve\n information about users and groups from a directory server. 
The pam_ldap\n module allows PAM-aware applications to use a directory server to verify\n user passwords.\n\n A race condition was discovered in nss_ldap, which affected certain\n applications that make LDAP connections, such as Dovecot. This could cause\n nss_ldap to answer a request for information about one user with the\n information about a different user. (CVE-2007-5794)\n \n As well, this updated package fixes the following bugs:\n \n * in certain situations, on Itanium(R) architectures, when an application\n performed an LDAP lookup for a highly populated group, for example,\n containing more than 150 members, the application crashed, or may have\n caused a segmentation fault. As well, this issue may have caused commands,\n such as "ls", to return a "ber_free_buf: Assertion" error.\n \n * when an application enumerated members of a netgroup, the nss_ldap\n module returned a successful status result and the netgroup name, even\n when the netgroup did not exist. This behavior was not consistent with\n other modules. In this updated package, nss_ldap no longer returns a\n successful status when the netgroup does not exist.\n \n * in master and slave server environments, with systems that were\n configured to use a read-only directory server, if user log in attempts\n were denied because their passwords had expired, and users attempted to\n immediately change their passwords, the replication server returned an LDAP\n referral, instructing the pam_ldap module to resissue its request to a\n different server; however, the pam_ldap module failed to do so. 
In these\n situations, an error such as the following occurred:\n \n LDAP password information update failed: Can't contact LDAP server\n Insufficient 'write' privilege to the 'userPassword' attribute of entry\n [entry]\n \n In this updated package, password changes are allowed when binding against\n a slave server, which resolves this issue.\n \n * when a system used a directory server for naming information, and\n "nss_initgroups_ignoreusers root" was configured in "/etc/ldap.conf",\n dbus-daemon-1 would hang. Running the "service messagebus start" command\n did not start the service, and it did not fail, which would stop the boot\n process if it was not cancelled.\n \n As well, this u ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"nss_ldap on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-July/msg00032.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870137\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2008:0715-01\");\n script_cve_id(\"CVE-2007-5794\");\n script_name( \"RedHat Update for nss_ldap RHSA-2008:0715-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of nss_ldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss_ldap\", rpm:\"nss_ldap~253~5.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_ldap-debuginfo\", rpm:\"nss_ldap-debuginfo~253~5.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "description": "Check for the Version of nss_ldap", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830734", "href": "http://plugins.openvas.org/nasl.php?oid=830734", "type": "openvas", "title": "Mandriva Update for nss_ldap MDVSA-2008:049 (nss_ldap)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for nss_ldap MDVSA-2008:049 (nss_ldap)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A race condition in nss_ldap, when used in applications that use\n pthread and fork after a call to nss_ldap, does not properly handle the\n LDAP connection, which might cause nss_ldap to return the wrong user\n data to the wrong process, giving one user access to data belonging\n to another user, in some cases.\n\n The updated package hais been patched to prevent this issue.\";\n\ntag_affected = \"nss_ldap on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-02/msg00031.php\");\n script_id(830734);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDVSA\", value: \"2008:049\");\n script_cve_id(\"CVE-2007-5794\");\n script_name( \"Mandriva Update for nss_ldap MDVSA-2008:049 (nss_ldap)\");\n\n script_summary(\"Check for the Version of nss_ldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss_ldap-250\", rpm:\"nss_ldap-250~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "description": "The remote host is missing an update to libnss-ldap\nannounced via advisory DSA 1430-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:60009", "href": "http://plugins.openvas.org/nasl.php?oid=60009", "type": "openvas", "title": "Debian Security Advisory DSA 1430-1 (libnss-ldap)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1430_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1430-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was reported that a race condition exists in libnss-ldap, an\nNSS module for using LDAP as a naming service, which could cause\ndenial of service attacks when applications use pthreads.\n\nThis problem was spotted in the dovecot IMAP/POP server but\npotentially affects more programs.\n\nFor the stable distribution (etch), this problem has been fixed in version\n251-7.5etch1.\n\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 238-1sarge1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 256-1.\n\nWe recommend that you upgrade your libnss-ldap package.\";\ntag_summary = \"The remote host is missing an update to libnss-ldap\nannounced via advisory DSA 1430-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201430-1\";\n\nif(description)\n{\n script_id(60009);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n 
script_cve_id(\"CVE-2007-5794\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Debian Security Advisory DSA 1430-1 (libnss-ldap)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnss-ldap\", ver:\"238-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-ldap\", ver:\"251-7.5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200711-33.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:59641", "href": "http://plugins.openvas.org/nasl.php?oid=59641", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200711-33 (nss_ldap)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# 
Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A race condition might lead to theft of user credentials or information\ndisclosure in services using nss_ldap.\";\ntag_solution = \"All nss_ldap users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-auth/nss_ldap-258'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200711-33\nhttp://bugs.gentoo.org/show_bug.cgi?id=198390\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200711-33.\";\n\n \n\nif(description)\n{\n script_id(59641);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-5794\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200711-33 (nss_ldap)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"sys-auth/nss_ldap\", unaffected: make_list(\"ge 258\"), vulnerable: make_list(\"lt 258\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-27T10:56:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "description": "Check for the Version of nss_ldap", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870173", "href": "http://plugins.openvas.org/nasl.php?oid=870173", "type": "openvas", "title": "RedHat Update for nss_ldap RHSA-2008:0389-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss_ldap RHSA-2008:0389-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The nss_ldap package contains the nss_ldap and pam_ldap modules. The\n nss_ldap module is a plug-in which allows applications to retrieve\n information about users and groups from a directory server. The pam_ldap\n module allows PAM-aware applications to use a directory server to verify\n user passwords.\n\n A race condition was discovered in nss_ldap which affected certain\n applications which make LDAP connections, such as Dovecot. This could cause\n nss_ldap to answer a request for information about one user with\n information about a different user. (CVE-2007-5794)\n \n In addition, these updated packages fix the following bugs:\n \n * a build error prevented the nss_ldap module from being able to use DNS to\n discover the location of a directory server. For example, when the\n /etc/nsswitch.conf configuration file was configured to use "ldap", but no\n "host" or "uri" option was configured in the /etc/ldap.conf configuration\n file, no directory server was contacted, and no results were returned.\n \n * the "port" option in the /etc/ldap.conf configuration file on client\n machines was ignored. For example, if a directory server which you were\n attempting to use was listening on a non-default port (i.e. not ports 389\n or 636), it was only possible to use that directory server by including the\n port number in the "uri" option. 
In this updated package, the "port" option\n works as expected.\n \n * pam_ldap failed to change an expired password if it had to follow a\n referral to do so, which could occur, for example, when using a slave\n directory server in a replicated environment. An error such as the\n following occurred after entering a new password: "LDAP password\n information update failed: Can't contact LDAP server Insufficient 'write'\n privilege to the 'userPassword' attribute"\n \n This has been resolved in this updated package.\n \n * when the "pam_password exop_send_old" password-change method was\n configured in the /etc/ldap.conf configuration file, a logic error in the\n pam_ldap module caused client machines to attempt to change a user's\n password twice. First, the pam_ldap module attempted to change the password\n using the "exop" request, and then again using an LDAP modify request.\n \n * on Red Hat Enterprise Linux 5.1, rebuilding nss_ldap-253-5.el5 when the\n krb5-*-1.6.1-17.el5 packages were installed failed due to an error such as\n the following:\n \n \t+ /builddir/build/SOURCES/dlopen.sh ./nss_ldap-253/nss_ldap.so\n \tdlopen() of "././nss_l ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"nss_ldap on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-May/msg00022.html\");\n script_id(870173);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2008:0389-02\");\n script_cve_id(\"CVE-2007-5794\");\n script_name( \"RedHat Update for nss_ldap RHSA-2008:0389-02\");\n\n script_summary(\"Check for the Version of nss_ldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss_ldap\", rpm:\"nss_ldap~253~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_ldap-debuginfo\", rpm:\"nss_ldap-debuginfo~253~12.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-09T11:39:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "description": "Check for the Version of nss_ldap", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830734", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830734", "type": "openvas", "title": "Mandriva Update for nss_ldap MDVSA-2008:049 (nss_ldap)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for nss_ldap MDVSA-2008:049 (nss_ldap)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A race condition in nss_ldap, when used in applications that use\n pthread and fork after a call to nss_ldap, does not properly handle the\n LDAP connection, which might cause nss_ldap to return the wrong user\n data to the wrong process, giving one user access to data belonging\n to another user, in some cases.\n\n The updated package hais been patched to prevent this issue.\";\n\ntag_affected = \"nss_ldap on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-02/msg00031.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830734\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDVSA\", value: \"2008:049\");\n script_cve_id(\"CVE-2007-5794\");\n script_name( \"Mandriva Update for nss_ldap MDVSA-2008:049 (nss_ldap)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of nss_ldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss_ldap-250\", rpm:\"nss_ldap-250~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:40:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n nss_ldap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021857 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065416", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065416", "type": "openvas", "title": "SLES9: Security update for nss_ldap", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021857.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for nss_ldap\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n nss_ldap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021857 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65416\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-5794\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for nss_ldap\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nss_ldap\", rpm:\"nss_ldap~215~59.19\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:56:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n nss_ldap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021857 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65416", "href": "http://plugins.openvas.org/nasl.php?oid=65416", "type": "openvas", "title": "SLES9: Security update for nss_ldap", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021857.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for nss_ldap\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n nss_ldap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021857 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65416);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-5794\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for nss_ldap\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nss_ldap\", rpm:\"nss_ldap~215~59.19\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "description": "Oracle Linux Local Security Checks ELSA-2008-0389", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122584", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122584", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0389", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0389.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122584\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:48:38 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0389\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0389 - nss_ldap security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0389\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0389.html\");\n script_cve_id(\"CVE-2007-5794\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = 
isrpmvuln(pkg:\"nss_ldap\", rpm:\"nss_ldap~253~12.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:43", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5794"], "edition": 1, "description": "### Background\n\nnss_ldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. \n\n### Description\n\nJosh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process. \n\n### Impact\n\nRemote attackers could exploit this race condition by sending queries to a vulnerable server using nss_ldap, possibly leading to theft of user credentials or information disclosure (e.g. Dovecot returning wrong mailbox contents). \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll nss_ldap users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/nss_ldap-258\"", "modified": "2007-11-25T00:00:00", "published": "2007-11-25T00:00:00", "id": "GLSA-200711-33", "href": "https://security.gentoo.org/glsa/200711-33", "type": "gentoo", "title": "nss_ldap: Information disclosure", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:53", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5794"], "description": "The nss_ldap package contains the nss_ldap and pam_ldap modules. The\nnss_ldap module is a plug-in which allows applications to retrieve\ninformation about users and groups from a directory server. 
The pam_ldap\nmodule allows PAM-aware applications to use a directory server to verify\nuser passwords.\n\nA race condition was discovered in nss_ldap which affected certain\napplications which make LDAP connections, such as Dovecot. This could cause\nnss_ldap to answer a request for information about one user with\ninformation about a different user. (CVE-2007-5794)\n\nIn addition, these updated packages fix the following bugs:\n\n* a build error prevented the nss_ldap module from being able to use DNS to\ndiscover the location of a directory server. For example, when the\n/etc/nsswitch.conf configuration file was configured to use \"ldap\", but no\n\"host\" or \"uri\" option was configured in the /etc/ldap.conf configuration\nfile, no directory server was contacted, and no results were returned.\n\n* the \"port\" option in the /etc/ldap.conf configuration file on client\nmachines was ignored. For example, if a directory server which you were\nattempting to use was listening on a non-default port (i.e. not ports 389\nor 636), it was only possible to use that directory server by including the\nport number in the \"uri\" option. In this updated package, the \"port\" option\nworks as expected.\n\n* pam_ldap failed to change an expired password if it had to follow a\nreferral to do so, which could occur, for example, when using a slave\ndirectory server in a replicated environment. An error such as the\nfollowing occurred after entering a new password: \"LDAP password\ninformation update failed: Can't contact LDAP server Insufficient 'write'\nprivilege to the 'userPassword' attribute\"\n\nThis has been resolved in this updated package.\n\n* when the \"pam_password exop_send_old\" password-change method was\nconfigured in the /etc/ldap.conf configuration file, a logic error in the\npam_ldap module caused client machines to attempt to change a user's\npassword twice. 
First, the pam_ldap module attempted to change the password\nusing the \"exop\" request, and then again using an LDAP modify request.\n\n* on Red Hat Enterprise Linux 5.1, rebuilding nss_ldap-253-5.el5 when the\nkrb5-*-1.6.1-17.el5 packages were installed failed due to an error such as\nthe following:\n\n\t+ /builddir/build/SOURCES/dlopen.sh ./nss_ldap-253/nss_ldap.so\n\tdlopen() of \"././nss_ldap-253/nss_ldap.so\" failed:\n\t./././nss_ldap-253/nss_ldap.so: undefined symbol: request_key\n\terror: Bad exit status from /var/tmp/rpm-tmp.62652 (%build)\n\nThe missing libraries have been added, which resolves this issue.\n\nWhen recursively enumerating the set of members in a given group, the\nmodule would allocate insufficient space for storing the set of member\nnames if the group itself contained other groups, thus corrupting the heap.\nThis update includes a backported fix for this bug.\n\nUsers of nss_ldap should upgrade to these updated packages, which contain\nbackported patches to correct this issue and fix these bugs.\n", "modified": "2017-09-08T11:54:37", "published": "2008-05-20T04:00:00", "id": "RHSA-2008:0389", "href": "https://access.redhat.com/errata/RHSA-2008:0389", "type": "redhat", "title": "(RHSA-2008:0389) Low: nss_ldap security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:07", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5794"], "description": "The nss_ldap package contains the nss_ldap and pam_ldap modules. The\nnss_ldap module is a plug-in which allows applications to retrieve\ninformation about users and groups from a directory server. The pam_ldap\nmodule allows PAM-aware applications to use a directory server to verify\nuser passwords.\n\nA race condition was discovered in nss_ldap, which affected certain\napplications that make LDAP connections, such as Dovecot. 
This could cause\nnss_ldap to answer a request for information about one user with the\ninformation about a different user. (CVE-2007-5794)\n\nAs well, this updated package fixes the following bugs:\n\n* in certain situations, on Itanium(R) architectures, when an application\nperformed an LDAP lookup for a highly populated group, for example,\ncontaining more than 150 members, the application crashed, or may have\ncaused a segmentation fault. As well, this issue may have caused commands,\nsuch as \"ls\", to return a \"ber_free_buf: Assertion\" error.\n\n* when an application enumerated members of a netgroup, the nss_ldap\nmodule returned a successful status result and the netgroup name, even\nwhen the netgroup did not exist. This behavior was not consistent with\nother modules. In this updated package, nss_ldap no longer returns a\nsuccessful status when the netgroup does not exist.\n\n* in master and slave server environments, with systems that were\nconfigured to use a read-only directory server, if user log in attempts\nwere denied because their passwords had expired, and users attempted to\nimmediately change their passwords, the replication server returned an LDAP\nreferral, instructing the pam_ldap module to reissue its request to a\ndifferent server; however, the pam_ldap module failed to do so. In these\nsituations, an error such as the following occurred:\n\nLDAP password information update failed: Can't contact LDAP server\nInsufficient 'write' privilege to the 'userPassword' attribute of entry\n[entry]\n\nIn this updated package, password changes are allowed when binding against\na slave server, which resolves this issue.\n\n* when a system used a directory server for naming information, and\n\"nss_initgroups_ignoreusers root\" was configured in \"/etc/ldap.conf\",\ndbus-daemon-1 would hang. 
Running the \"service messagebus start\" command\ndid not start the service, and it did not fail, which would stop the boot\nprocess if it was not cancelled.\n\nAs well, this updated package upgrades nss_ldap to the version as shipped\nwith Red Hat Enterprise Linux 5.\n\nUsers of nss_ldap are advised to upgrade to this updated package, which\nresolves these issues.", "modified": "2017-09-08T12:16:41", "published": "2008-07-24T04:00:00", "id": "RHSA-2008:0715", "href": "https://access.redhat.com/errata/RHSA-2008:0715", "type": "redhat", "title": "(RHSA-2008:0715) Low: nss_ldap security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:17", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5794"], "description": "[253-12]\n- rebuild\n[253-11]\n- backport changes to group parsing from version 254 to fix heap corruption\n when parsing nested groups (#444031)\n[253-10]\n- remove unnecessary nss_ldap linkage to libnsl (part of #427370)\n[253-9]\n- rebuild\n[253-8]\n- incorporate Tomas Janouseks fix to prevent re-use of connections across\n fork() (#252337)\n[253-7]\n- add keyutils-libs-devel and libselinux-devel as a buildrequires: in order to\n static link with newer Kerberos (#427370)\n[253-6]\n- suppress password-expired errors encountered during referral chases during\n modify requests (#335661)\n- interpret server-supplied policy controls when chasing referrals, so that\n we dont give up when following a referral for a password change after\n reset (#335661)\n- dont attempt to change the password using ldap_modify if the password\n change mode is 'exop_send_old' (we already didnt for 'exop') (#364501)\n- dont drop the supplied password if the directory server indicates that\n the password needs to be changed because its just been reset: we may need\n it to chase a referral later (#335661)\n- correctly detect libresolv and build a URI using discovered settings, so that\n server 
discovery can work again (#254172)\n- honor the 'port' setting again by correctly detecting when a URI doesnt\n already specify one (#326351)", "edition": 4, "modified": "2008-05-30T00:00:00", "published": "2008-05-30T00:00:00", "id": "ELSA-2008-0389", "href": "http://linux.oracle.com/errata/ELSA-2008-0389.html", "title": "nss_ldap security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:35", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5794"], "description": "[253-5]\n- build with strict-aliasing disabled, because pam_ldap breaks strict-aliasing\n rules without it (tools)\n[253-4]\n- block SIGPIPE in the atfork handler, so that it doesnt trip up when\n attempting to drop a connection to the server (#448833)\n[253-3]\n- add patch to make netgroup enumeration fail due to lack of entries in\n setnetgrent(), rather than in getnetgrent(), to match how other mechanisms\n work (Jose Plans, #253997)\n[253-2]\n- add fix for not double-freeing the result list when we try to initialize an\n internal enumeration context while we have one active (#233382)\n[253-1]\n- rebase to nss_ldap 253 (#401731)\n - fixes leftover lock problem in nss_initgroups_ignoreusers handling (#429101)\n - fixes re-use of connections across fork() (#155187)", "edition": 4, "modified": "2008-08-01T00:00:00", "published": "2008-08-01T00:00:00", "id": "ELSA-2008-0715", "href": "http://linux.oracle.com/errata/ELSA-2008-0715.html", "title": "nss_ldap security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:24", "bulletinFamily": "software", "cvelist": ["CVE-2007-5794"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200711-33\r\n- - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Low\r\n Title: nss_ldap: Information disclosure\r\n Date: November 25, 2007\r\n Bugs: #198390\r\n ID: 200711-33\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nA race condition might lead to theft of user credentials or information\r\ndisclosure in services using nss_ldap.\r\n\r\nBackground\r\n==========\r\n\r\nnss_ldap is a Name Service Switch module which allows 'passwd', 'group'\r\nand 'host' database information to be pulled from LDAP.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 sys-auth/nss_ldap < 258 >= 258\r\n\r\nDescription\r\n===========\r\n\r\nJosh Burley reported that nss_ldap does not properly handle the LDAP\r\nconnections due to a race condition that can be triggered by\r\nmulti-threaded applications using nss_ldap, which might lead to\r\nrequested data being returned to a wrong process.\r\n\r\nImpact\r\n======\r\n\r\nRemote attackers could exploit this race condition by sending queries\r\nto a vulnerable server using nss_ldap, possibly leading to theft of\r\nuser credentials or information disclosure (e.g. 
Dovecot returning\r\nwrong mailbox contents).\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll nss_ldap users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=sys-auth/nss_ldap-258"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2007-5794\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200711-33.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2007 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 (GNU/Linux)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFHSeycuhJ+ozIKI5gRAjvwAKCc3Et4rezJasP3RT7sWY+pHyShwACfVwbg\r\n67oYKwgTwEYBnnY/v5ZQ5zw=\r\n=TEDE\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2007-11-26T00:00:00", "published": "2007-11-26T00:00:00", "id": "SECURITYVULNS:DOC:18502", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18502", "title": "[ GLSA 200711-33 ] nss_ldap: Information disclosure", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "cvelist": ["CVE-2007-5794"], "description": 
"Race conditions in multithread applications.", "edition": 1, "modified": "2007-11-26T00:00:00", "published": "2007-11-26T00:00:00", "id": "SECURITYVULNS:VULN:8377", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8377", "title": "nss_ldap information leak", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:55", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5794"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1430-1 security@debian.org\nhttp://www.debian.org/security/ Steve Kemp\nDecember 11, 2007 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libnss-ldap\nVulnerability : denial of service\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2007-5794\nDebian Bug : 453868\n\nIt was reported that a race condition exists in libnss-ldap, an\nNSS module for using LDAP as a naming service, which could cause\ndenial of service attacks when applications use pthreads.\n\nThis problem was spotted in the dovecot IMAP/POP server but\npotentially affects more programs.\n\nFor the stable distribution (etch), this problem has been fixed in version\n251-7.5etch1.\n\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 238-1sarge1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 256-1.\n\nWe recommend that you upgrade your libnss-ldap package.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources 
from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238.orig.tar.gz\n Size/MD5 checksum: 219945 97fd929b381329b972b3c3ddca5a4bbf\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1.diff.gz\n Size/MD5 checksum: 26236 c7191ee3845dc23ccf2712e78daed8f1\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1.dsc\n Size/MD5 checksum: 681 3176fefa1d8d04afa9d3b458e40694a6\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_alpha.deb\n Size/MD5 checksum: 86756 30a9c1691dcec614e36fdea923ba3906\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_amd64.deb\n Size/MD5 checksum: 80218 18d9da468326040f466c10cac6f50734\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_arm.deb\n Size/MD5 checksum: 79216 adf473266dd1de600cc0360f697ec7d2\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_hppa.deb\n Size/MD5 checksum: 86324 f98ade45a20c5426ef30cb1290e34164\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_i386.deb\n Size/MD5 checksum: 78894 7bb744d57899867a0b1c326372de76ce\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_ia64.deb\n Size/MD5 checksum: 91930 d25cce59d45f8b8dc90b0fe3fcbf3ce0\n\nm68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_m68k.deb\n Size/MD5 checksum: 76894 3c574bc294eb02c337664de43e814f7f\n\nmips architecture (MIPS (Big 
Endian))\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_mips.deb\n Size/MD5 checksum: 80482 0e54d051dde87e3b7984650c47bc3b3e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_mipsel.deb\n Size/MD5 checksum: 80594 9f3f4b5d6d7c9e6f84edd9ab40767e04\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_powerpc.deb\n Size/MD5 checksum: 81652 7ca152887a041fc3dc674a77e707d23f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_s390.deb\n Size/MD5 checksum: 83806 eab2386a51d35e31a4dd7fd0ed832a6d\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_sparc.deb\n Size/MD5 checksum: 79224 7d2ec91b89037fd137e98d3640ba1bb4\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1.diff.gz\n Size/MD5 checksum: 149322 04aa24732e69f40e5c3ab629b7e412d4\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251.orig.tar.gz\n Size/MD5 checksum: 228931 a80718b3f7cf46f2579a26f9d6fbcd46\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1.dsc\n Size/MD5 checksum: 683 007acb586d8bf61058c446a08aae4804\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_alpha.deb\n Size/MD5 checksum: 108812 1150911f5446d2bc7838fd3d9d56329d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_amd64.deb\n Size/MD5 checksum: 105206 7f2e2292e5c213a4d59e0c7240a9ca7e\n\narm architecture (ARM)\n\n 
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_arm.deb\n Size/MD5 checksum: 103946 bb4984bf517834f0278f00e8ba32a4ba\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_hppa.deb\n Size/MD5 checksum: 111288 2a7f758efdf03c296b2feea08205cdc7\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_i386.deb\n Size/MD5 checksum: 103732 0f29d1991d204b4a710e5f74bf056984\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_ia64.deb\n Size/MD5 checksum: 120362 e5649299793b90c3987305ac2212afad\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_mips.deb\n Size/MD5 checksum: 105148 1f42e34610dc974a6a5ff19a2dff1b24\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_mipsel.deb\n Size/MD5 checksum: 105360 af1ff4fd5a543b50f704a022798ebed0\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_powerpc.deb\n Size/MD5 checksum: 106458 13b702d831bde6e52507fdd466573122\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_s390.deb\n Size/MD5 checksum: 108466 10bc9129adbc56dd6c75569fc27a221c\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_sparc.deb\n Size/MD5 checksum: 103134 12c84546a715bca647b86943a226b361\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates 
main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2007-12-11T00:00:00", "published": "2007-12-11T00:00:00", "id": "DEBIAN:DSA-1430-1:B66E7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00211.html", "title": "[SECURITY] [DSA 1430-1] New libnss-ldap packages fix denial of service", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "seebug": [{"lastseen": "2017-11-19T21:55:01", "description": "BUGTRAQ ID: 26452\r\nCVE(CAN) ID: CVE-2007-5794\r\n\r\nnss_ldap\u6a21\u5757\u53ef\u5728AIX\u3001Linux\u3001Solaris\u7b49\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u63d0\u4f9bLDAP\u540d\u79f0\u670d\u52a1\u4ea4\u6362\u670d\u52a1\u3002\r\n\r\n\u5982\u679c\u5e94\u7528\u7a0b\u5e8f\u94fe\u63a5\u5230pthread\u5e76\u4f7f\u7528nss_ldap\u8c03\u7528\u7136\u540efork\u7684\u8bdd\uff0c\u8fd9\u4e24\u4e2a\u8fdb\u7a0b\u5c31\u4f1a\u5171\u4eabldap\u8fde\u63a5\uff0c\u6ca1\u6709\u9501\u5b9a\u673a\u5236\u3002\u8fd9\u53ef\u80fd\u5bfc\u81f4\u901a\u8fc7\u5171\u4eab\u7684LDAP\u8fde\u63a5\u5411\u8fdb\u7a0b\u8fd4\u56de\u9519\u8bef\u6570\u636e\u3002\r\n\r\n\u8fd9\u4e2a\u6f0f\u6d1e\u7684\u8d77\u56e0\u662f\u5f53__pthread_once\u4e3a\u975e\u7a7a\u5c31\u8868\u793a__pthread_atfork\u4e5f\u4e3a\u975e\u7a7a\u8fd9\u4e2a\u5047\u8bbe\u662f\u9519\u8bef\u7684\u3002\u8fd9\u4e24\u4e2a\u53d8\u91cf\u4e4b\u95f4\u6ca1\u6709\u8054\u7cfb\uff0c\u8c03\u7528pthread_atfork\u5bf9nss_ldap\u4e2d\u7684__pthread_atfork\u503c\u6ca1\u6709\u5f71\u54cd\uff0c\u53cd\u4e4b\u4ea6\u7136\u3002\r\n\r\n\n\nPadl Software nss_ldap < Build 259\n \u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a 
href=\"http://www.padl.com/download/nss_ldap.tgz\" target=\"_blank\">http://www.padl.com/download/nss_ldap.tgz</a>", "published": "2007-11-17T00:00:00", "type": "seebug", "title": "PADL Nss_ldap\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5794"], "modified": "2007-11-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2433", "id": "SSV:2433", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-17T13:06:15", "description": "An updated nss_ldap package that fixes a security issue and several\nbugs is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe nss_ldap package contains the nss_ldap and pam_ldap modules. The\nnss_ldap module is a plug-in which allows applications to retrieve\ninformation about users and groups from a directory server. The\npam_ldap module allows PAM-aware applications to use a directory\nserver to verify user passwords.\n\nA race condition was discovered in nss_ldap, which affected certain\napplications that make LDAP connections, such as Dovecot. This could\ncause nss_ldap to answer a request for information about one user with\nthe information about a different user. (CVE-2007-5794)\n\nAs well, this updated package fixes the following bugs :\n\n* in certain situations, on Itanium(R) architectures, when an\napplication performed an LDAP lookup for a highly populated group, for\nexample, containing more than 150 members, the application crashed, or\nmay have caused a segmentation fault. As well, this issue may have\ncaused commands, such as 'ls', to return a 'ber_free_buf: Assertion'\nerror.\n\n* when an application enumerated members of a netgroup, the nss_ldap\nmodule returned a successful status result and the netgroup name, even\nwhen the netgroup did not exist. 
This behavior was not consistent with\nother modules. In this updated package, nss_ldap no longer returns a\nsuccessful status when the netgroup does not exist.\n\n* in master and slave server environments, with systems that were\nconfigured to use a read-only directory server, if user log in\nattempts were denied because their passwords had expired, and users\nattempted to immediately change their passwords, the replication\nserver returned an LDAP referral, instructing the pam_ldap module to\nreissue its request to a different server; however, the pam_ldap\nmodule failed to do so. In these situations, an error such as the\nfollowing occurred :\n\nLDAP password information update failed: Can't contact LDAP server\nInsufficient 'write' privilege to the 'userPassword' attribute of\nentry [entry]\n\nIn this updated package, password changes are allowed when binding\nagainst a slave server, which resolves this issue.\n\n* when a system used a directory server for naming information, and\n'nss_initgroups_ignoreusers root' was configured in '/etc/ldap.conf',\ndbus-daemon-1 would hang. 
Running the 'service messagebus start'\ncommand did not start the service, and it did not fail, which would\nstop the boot process if it was not cancelled.\n\nAs well, this updated package upgrades nss_ldap to the version as\nshipped with Red Hat Enterprise Linux 5.\n\nUsers of nss_ldap are advised to upgrade to this updated package,\nwhich resolves these issues.", "edition": 28, "published": "2008-07-25T00:00:00", "title": "RHEL 4 : nss_ldap (RHSA-2008:0715)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "modified": "2008-07-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:nss_ldap"], "id": "REDHAT-RHSA-2008-0715.NASL", "href": "https://www.tenable.com/plugins/nessus/33583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0715. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33583);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5794\");\n script_bugtraq_id(26452);\n script_xref(name:\"RHSA\", value:\"2008:0715\");\n\n script_name(english:\"RHEL 4 : nss_ldap (RHSA-2008:0715)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated nss_ldap package that fixes a security issue and several\nbugs is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe nss_ldap package contains the nss_ldap and pam_ldap modules. 
The\nnss_ldap module is a plug-in which allows applications to retrieve\ninformation about users and groups from a directory server. The\npam_ldap module allows PAM-aware applications to use a directory\nserver to verify user passwords.\n\nA race condition was discovered in nss_ldap, which affected certain\napplications that make LDAP connections, such as Dovecot. This could\ncause nss_ldap to answer a request for information about one user with\nthe information about a different user. (CVE-2007-5794)\n\nAs well, this updated package fixes the following bugs :\n\n* in certain situations, on Itanium(R) architectures, when an\napplication performed an LDAP lookup for a highly populated group, for\nexample, containing more than 150 members, the application crashed, or\nmay have caused a segmentation fault. As well, this issue may have\ncaused commands, such as 'ls', to return a 'ber_free_buf: Assertion'\nerror.\n\n* when an application enumerated members of a netgroup, the nss_ldap\nmodule returned a successful status result and the netgroup name, even\nwhen the netgroup did not exist. This behavior was not consistent with\nother modules. In this updated package, nss_ldap no longer returns a\nsuccessful status when the netgroup does not exist.\n\n* in master and slave server environments, with systems that were\nconfigured to use a read-only directory server, if user log in\nattempts were denied because their passwords had expired, and users\nattempted to immediately change their passwords, the replication\nserver returned an LDAP referral, instructing the pam_ldap module to\nresissue its request to a different server; however, the pam_ldap\nmodule failed to do so. 
In these situations, an error such as the\nfollowing occurred :\n\nLDAP password information update failed: Can't contact LDAP server\nInsufficient 'write' privilege to the 'userPassword' attribute of\nentry [entry]\n\nIn this updated package, password changes are allowed when binding\nagainst a slave server, which resolves this issue.\n\n* when a system used a directory server for naming information, and\n'nss_initgroups_ignoreusers root' was configured in '/etc/ldap.conf',\ndbus-daemon-1 would hang. Running the 'service messagebus start'\ncommand did not start the service, and it did not fail, which would\nstop the boot process if it was not cancelled.\n\nAs well, this updated package upgrades nss_ldap to the version as\nshipped with Red Hat Enterprise Linux 5.\n\nUsers of nss_ldap are advised to upgrade to this updated package,\nwhich resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0715\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss_ldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/24\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0715\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"nss_ldap-253-5.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss_ldap\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:06:08", "description": "An updated nss_ldap package that fixes a security issue and several\nbugs is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe nss_ldap package contains the nss_ldap and pam_ldap modules. The\nnss_ldap module is a plug-in which allows applications to retrieve\ninformation about users and groups from a directory server. 
The\npam_ldap module allows PAM-aware applications to use a directory\nserver to verify user passwords.\n\nA race condition was discovered in nss_ldap which affected certain\napplications which make LDAP connections, such as Dovecot. This could\ncause nss_ldap to answer a request for information about one user with\ninformation about a different user. (CVE-2007-5794)\n\nIn addition, these updated packages fix the following bugs :\n\n* a build error prevented the nss_ldap module from being able to use\nDNS to discover the location of a directory server. For example, when\nthe /etc/nsswitch.conf configuration file was configured to use\n'ldap', but no 'host' or 'uri' option was configured in the\n/etc/ldap.conf configuration file, no directory server was contacted,\nand no results were returned.\n\n* the 'port' option in the /etc/ldap.conf configuration file on client\nmachines was ignored. For example, if a directory server which you\nwere attempting to use was listening on a non-default port (i.e. not\nports 389 or 636), it was only possible to use that directory server\nby including the port number in the 'uri' option. In this updated\npackage, the 'port' option works as expected.\n\n* pam_ldap failed to change an expired password if it had to follow a\nreferral to do so, which could occur, for example, when using a slave\ndirectory server in a replicated environment. An error such as the\nfollowing occurred after entering a new password: 'LDAP password\ninformation update failed: Can't contact LDAP server Insufficient\n'write' privilege to the 'userPassword' attribute'\n\nThis has been resolved in this updated package.\n\n* when the 'pam_password exop_send_old' password-change method was\nconfigured in the /etc/ldap.conf configuration file, a logic error in\nthe pam_ldap module caused client machines to attempt to change a\nuser's password twice. 
First, the pam_ldap module attempted to change\nthe password using the 'exop' request, and then again using an LDAP\nmodify request.\n\n* on Red Hat Enterprise Linux 5.1, rebuilding nss_ldap-253-5.el5 when\nthe krb5-*-1.6.1-17.el5 packages were installed failed due to an error\nsuch as the following :\n\n+ /builddir/build/SOURCES/dlopen.sh ./nss_ldap-253/nss_ldap.so\ndlopen() of '././nss_ldap-253/nss_ldap.so' failed:\n./././nss_ldap-253/nss_ldap.so: undefined symbol: request_key error:\nBad exit status from /var/tmp/rpm-tmp.62652 (%build)\n\nThe missing libraries have been added, which resolves this issue.\n\nWhen recursively enumerating the set of members in a given group, the\nmodule would allocate insufficient space for storing the set of member\nnames if the group itself contained other groups, thus corrupting the\nheap. This update includes a backported fix for this bug.\n\nUsers of nss_ldap should upgrade to these updated packages, which\ncontain backported patches to correct this issue and fix these bugs.", "edition": 28, "published": "2008-05-22T00:00:00", "title": "RHEL 5 : nss_ldap (RHSA-2008:0389)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "modified": "2008-05-22T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:nss_ldap"], "id": "REDHAT-RHSA-2008-0389.NASL", "href": "https://www.tenable.com/plugins/nessus/32426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0389. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32426);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5794\");\n script_bugtraq_id(26452);\n script_xref(name:\"RHSA\", value:\"2008:0389\");\n\n script_name(english:\"RHEL 5 : nss_ldap (RHSA-2008:0389)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated nss_ldap package that fixes a security issue and several\nbugs is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe nss_ldap package contains the nss_ldap and pam_ldap modules. The\nnss_ldap module is a plug-in which allows applications to retrieve\ninformation about users and groups from a directory server. The\npam_ldap module allows PAM-aware applications to use a directory\nserver to verify user passwords.\n\nA race condition was discovered in nss_ldap which affected certain\napplications which make LDAP connections, such as Dovecot. This could\ncause nss_ldap to answer a request for information about one user with\ninformation about a different user. (CVE-2007-5794)\n\nIn addition, these updated packages fix the following bugs :\n\n* a build error prevented the nss_ldap module from being able to use\nDNS to discover the location of a directory server. 
For example, when\nthe /etc/nsswitch.conf configuration file was configured to use\n'ldap', but no 'host' or 'uri' option was configured in the\n/etc/ldap.conf configuration file, no directory server was contacted,\nand no results were returned.\n\n* the 'port' option in the /etc/ldap.conf configuration file on client\nmachines was ignored. For example, if a directory server which you\nwere attempting to use was listening on a non-default port (i.e. not\nports 389 or 636), it was only possible to use that directory server\nby including the port number in the 'uri' option. In this updated\npackage, the 'port' option works as expected.\n\n* pam_ldap failed to change an expired password if it had to follow a\nreferral to do so, which could occur, for example, when using a slave\ndirectory server in a replicated environment. An error such as the\nfollowing occurred after entering a new password: 'LDAP password\ninformation update failed: Can't contact LDAP server Insufficient\n'write' privilege to the 'userPassword' attribute'\n\nThis has been resolved in this updated package.\n\n* when the 'pam_password exop_send_old' password-change method was\nconfigured in the /etc/ldap.conf configuration file, a logic error in\nthe pam_ldap module caused client machines to attempt to change a\nuser's password twice. 
First, the pam_ldap module attempted to change\nthe password using the 'exop' request, and then again using an LDAP\nmodify request.\n\n* on Red Hat Enterprise Linux 5.1, rebuilding nss_ldap-253-5.el5 when\nthe krb5-*-1.6.1-17.el5 packages were installed failed due to an error\nsuch as the following :\n\n+ /builddir/build/SOURCES/dlopen.sh ./nss_ldap-253/nss_ldap.so\ndlopen() of '././nss_ldap-253/nss_ldap.so' failed:\n./././nss_ldap-253/nss_ldap.so: undefined symbol: request_key error:\nBad exit status from /var/tmp/rpm-tmp.62652 (%build)\n\nThe missing libraries have been added, which resolves this issue.\n\nWhen recursively enumerating the set of members in a given group, the\nmodule would allocate insufficient space for storing the set of member\nnames if the group itself contained other groups, thus corrupting the\nheap. This update includes a backported fix for this bug.\n\nUsers of nss_ldap should upgrade to these updated packages, which\ncontain backported patches to correct this issue and fix these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0389\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss_ldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0389\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"nss_ldap-253-12.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss_ldap\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:46:48", "description": "nss_ldap returned incorrect data under certain circumstances to the\ncalling process. 
Some applications could therefore work with wrong\nuser data (CVE-2007-5794).", "edition": 24, "published": "2008-02-06T00:00:00", "title": "openSUSE 10 Security Update : nss_ldap (nss_ldap-4773)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "modified": "2008-02-06T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:nss_ldap", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:nss_ldap-32bit"], "id": "SUSE_NSS_LDAP-4773.NASL", "href": "https://www.tenable.com/plugins/nessus/30196", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update nss_ldap-4773.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30196);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5794\");\n\n script_name(english:\"openSUSE 10 Security Update : nss_ldap (nss_ldap-4773)\");\n script_summary(english:\"Check for the nss_ldap-4773 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"nss_ldap returned incorrect data under certain circumstances to the\ncalling process. 
Some applications could therefore work with wrong\nuser data (CVE-2007-5794).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss_ldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss_ldap-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( 
rpm_check(release:\"SUSE10.1\", reference:\"nss_ldap-246-14.20\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"nss_ldap-32bit-246-14.20\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"nss_ldap-253-19.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"nss_ldap-32bit-253-19.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss_ldap / nss_ldap-32bit\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:43:59", "description": "A race condition was discovered in nss_ldap, which affected certain\napplications that make LDAP connections, such as Dovecot. This could\ncause nss_ldap to answer a request for information about one user with\nthe information about a different user. (CVE-2007-5794)\n\nAs well, this updated package fixes the following bugs :\n\n - in certain situations, on Itanium(R) architectures, when\n an application performed an LDAP lookup for a highly\n populated group, for example, containing more than 150\n members, the application crashed, or may have caused a\n segmentation fault. As well, this issue may have caused\n commands, such as 'ls', to return a 'ber_free_buf:\n Assertion' error.\n\n - when an application enumerated members of a netgroup,\n the nss_ldap module returned a successful status result\n and the netgroup name, even when the netgroup did not\n exist. This behavior was not consistent with other\n modules. 
In this updated package, nss_ldap no longer\n returns a successful status when the netgroup does not\n exist.\n\n - in master and slave server environments, with systems\n that were configured to use a read-only directory\n server, if user login attempts were denied because\n their passwords had expired, and users attempted to\n immediately change their passwords, the replication\n server returned an LDAP referral, instructing the\n pam_ldap module to reissue its request to a different\n server; however, the pam_ldap module failed to do so. In\n these situations, an error such as the following\n occurred :\n\nLDAP password information update failed: Can't contact LDAP server\nInsufficient 'write' privilege to the 'userPassword' attribute of\nentry [entry]\n\nIn this updated package, password changes are allowed when binding\nagainst a slave server, which resolves this issue.\n\n - when a system used a directory server for naming\n information, and 'nss_initgroups_ignoreusers root' was\n configured in '/etc/ldap.conf', dbus-daemon-1 would\n hang. 
Running the 'service messagebus start' command did\n not start the service, and it did not fail, which would\n stop the boot process if it was not cancelled.\n\nAs well, this updated package upgrades nss_ldap to the version as\nshipped with Scientific Linux 5.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : nss_ldap on SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080724_NSS_LDAP_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60452", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60452);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5794\");\n\n script_name(english:\"Scientific Linux Security Update : nss_ldap on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition was discovered in nss_ldap, which affected certain\napplications that make LDAP connections, such as Dovecot. This could\ncause nss_ldap to answer a request for information about one user with\nthe information about a different user. (CVE-2007-5794)\n\nAs well, this updated package fixes the following bugs :\n\n - in certain situations, on Itanium(R) architectures, when\n an application performed an LDAP lookup for a highly\n populated group, for example, containing more than 150\n members, the application crashed, or may have caused a\n segmentation fault. 
As well, this issue may have caused\n commands, such as 'ls', to return a 'ber_free_buf:\n Assertion' error.\n\n - when an application enumerated members of a netgroup,\n the nss_ldap module returned a successful status result\n and the netgroup name, even when the netgroup did not\n exist. This behavior was not consistent with other\n modules. In this updated package, nss_ldap no longer\n returns a successful status when the netgroup does not\n exist.\n\n - in master and slave server environments, with systems\n that were configured to use a read-only directory\n server, if user log in attempts were denied because\n their passwords had expired, and users attempted to\n immediately change their passwords, the replication\n server returned an LDAP referral, instructing the\n pam_ldap module to resissue its request to a different\n server; however, the pam_ldap module failed to do so. In\n these situations, an error such as the following\n occurred :\n\nLDAP password information update failed: Can't contact LDAP server\nInsufficient 'write' privilege to the 'userPassword' attribute of\nentry [entry]\n\nIn this updated package, password changes are allowed when binding\nagainst a slave server, which resolves this issue.\n\n - when a system used a directory server for naming\n information, and 'nss_initgroups_ignoreusers root' was\n configured in '/etc/ldap.conf', dbus-daemon-1 would\n hang. 
Running the 'service messagebus start' command did\n not start the service, and it did not fail, which would\n stop the boot process if it was not cancelled.\n\nAs well, this updated package upgrades nss_ldap to the version as\nshipped with Scientific Linux 5.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&P=3097\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36941f7a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss_ldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"nss_ldap-253-5.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:43:56", "description": "A race condition was discovered in nss_ldap which affected certain\napplications which make LDAP connections, such as Dovecot. This could\ncause nss_ldap to answer a request for information about one user with\ninformation about a different user. (CVE-2007-5794)\n\nIn addition, these updated packages fix the following bugs :\n\n - a build error prevented the nss_ldap module from being\n able to use DNS to discover the location of a directory\n server. 
For example, when the /etc/nsswitch.conf\n configuration file was configured to use 'ldap', but no\n 'host' or 'uri' option was configured in the\n /etc/ldap.conf configuration file, no directory server\n was contacted, and no results were returned.\n\n - the 'port' option in the /etc/ldap.conf configuration\n file on client machines was ignored. For example, if a\n directory server which you were attempting to use was\n listening on a non-default port (i.e. not ports 389 or\n 636), it was only possible to use that directory server\n by including the port number in the 'uri' option. In\n this updated package, the 'port' option works as\n expected.\n\n - pam_ldap failed to change an expired password if it had\n to follow a referral to do so, which could occur, for\n example, when using a slave directory server in a\n replicated environment. An error such as the following\n occurred after entering a new password: 'LDAP password\n information update failed: Can't contact LDAP server\n Insufficient 'write' privilege to the 'userPassword'\n attribute'\n\nThis has been resolved in this updated package.\n\n - when the 'pam_password exop_send_old' password-change\n method was configured in the /etc/ldap.conf\n configuration file, a logic error in the pam_ldap module\n caused client machines to attempt to change a user's\n password twice. 
First, the pam_ldap module attempted to\n change the password using the 'exop' request, and then\n again using an LDAP modify request.\n\n - on Red Hat Enterprise Linux 5.1, rebuilding\n nss_ldap-253-5.el5 when the krb5-*-1.6.1-17.el5 packages\n were installed failed due to an error such as the\n following :\n\n - /builddir/build/SOURCES/dlopen.sh\n ./nss_ldap-253/nss_ldap.so dlopen() of\n '././nss_ldap-253/nss_ldap.so' failed:\n ./././nss_ldap-253/nss_ldap.so: undefined symbol:\n request_key error: Bad exit status from\n /var/tmp/rpm-tmp.62652 (%build)\n\nThe missing libraries have been added, which resolves this issue.\n\nWhen recursively enumerating the set of members in a given group, the\nmodule would allocate insufficient space for storing the set of member\nnames if the group itself contained other groups, thus corrupting the\nheap. This update includes a backported fix for this bug.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : nss_ldap on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080521_NSS_LDAP_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60407);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5794\");\n\n script_name(english:\"Scientific Linux Security Update : nss_ldap on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition was discovered in nss_ldap which affected certain\napplications which make LDAP connections, such as Dovecot. This could\ncause nss_ldap to answer a request for information about one user with\ninformation about a different user. (CVE-2007-5794)\n\nIn addition, these updated packages fix the following bugs :\n\n - a build error prevented the nss_ldap module from being\n able to use DNS to discover the location of a directory\n server. For example, when the /etc/nsswitch.conf\n configuration file was configured to use 'ldap', but no\n 'host' or 'uri' option was configured in the\n /etc/ldap.conf configuration file, no directory server\n was contacted, and no results were returned.\n\n - the 'port' option in the /etc/ldap.conf configuration\n file on client machines was ignored. For example, if a\n directory server which you were attempting to use was\n listening on a non-default port (i.e. not ports 389 or\n 636), it was only possible to use that directory server\n by including the port number in the 'uri' option. In\n this updated package, the 'port' option works as\n expected.\n\n - pam_ldap failed to change an expired password if it had\n to follow a referral to do so, which could occur, for\n example, when using a slave directory server in a\n replicated environment. An error such as the following\n occurred after entering a new password: 'LDAP password\n information update failed: Can't contact LDAP server\n Insufficient 'write' privilege to the 'userPassword'\n attribute'\n\nThis has been resolved in this updated package.\n\n - when the 'pam_password exop_send_old' password-change\n method was configured in the /etc/ldap.conf\n configuration file, a logic error in the pam_ldap module\n caused client machines to attempt to change a user's\n password twice. 
First, the pam_ldap module attempted to\n change the password using the 'exop' request, and then\n again using an LDAP modify request.\n\n - on Red Hat Enterprise Linux 5.1, rebuilding\n nss_ldap-253-5.el5 when the krb5-*-1.6.1-17.el5 packages\n were installed failed due to an error such as the\n following :\n\n - /builddir/build/SOURCES/dlopen.sh\n ./nss_ldap-253/nss_ldap.so dlopen() of\n '././nss_ldap-253/nss_ldap.so' failed:\n ./././nss_ldap-253/nss_ldap.so: undefined symbol:\n request_key error: Bad exit status from\n /var/tmp/rpm-tmp.62652 (%build)\n\nThe missing libraries have been added, which resolves this issue.\n\nWhen recursively enumerating the set of members in a given group, the\nmodule would allocate insufficient space for storing the set of member\nnames if the group itself contained other groups, thus corrupting the\nheap. This update includes a backported fix for this bug.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0805&L=scientific-linux-errata&T=0&P=1350\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be52862b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss_ldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"nss_ldap-253-12.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T09:44:53", "description": "It was reported that a race condition exists in libnss-ldap, an NSS\nmodule for using LDAP as a naming service, which could cause denial of\nservice attacks if applications use pthreads.\n\nThis problem was spotted in the dovecot IMAP/POP server but\npotentially affects more programs.", "edition": 27, "published": "2007-12-12T00:00:00", "title": "Debian DSA-1430-1 : libnss-ldap - denial of service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "modified": "2007-12-12T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:libnss-ldap"], "id": "DEBIAN_DSA-1430.NASL", "href": 
"https://www.tenable.com/plugins/nessus/29338", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1430. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29338);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-5794\");\n script_xref(name:\"DSA\", value:\"1430\");\n\n script_name(english:\"Debian DSA-1430-1 : libnss-ldap - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was reported that a race condition exists in libnss-ldap, an NSS\nmodule for using LDAP as a naming service, which could cause denial of\nservice attacks if applications use pthreads.\n\nThis problem was spotted in the dovecot IMAP/POP server but\npotentially affects more programs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1430\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libnss-ldap package.\n\nFor the old stable distribution (sarge), this problem has been fixed\nin version 238-1sarge1.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 251-7.5etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libnss-ldap\", reference:\"238-1sarge1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss-ldap\", reference:\"251-7.5etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:46:48", "description": "nss_ldap returned incorrect data under certain circumstances to the\ncalling process. Some applications could therefore work with wrong\nuser data. 
(CVE-2007-5794)", "edition": 23, "published": "2008-02-06T00:00:00", "title": "SuSE 10 Security Update : nss_ldap (ZYPP Patch Number 4781)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "modified": "2008-02-06T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_NSS_LDAP-4781.NASL", "href": "https://www.tenable.com/plugins/nessus/30197", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30197);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5794\");\n\n script_name(english:\"SuSE 10 Security Update : nss_ldap (ZYPP Patch Number 4781)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"nss_ldap returned incorrect data under certain circumstances to the\ncalling process. Some applications could therefore work with wrong\nuser data. 
(CVE-2007-5794)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5794.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4781.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"nss_ldap-246-14.20\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"nss_ldap-32bit-246-14.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"nss_ldap-246-14.20\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, 
cpu:\"x86_64\", reference:\"nss_ldap-32bit-246-14.20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T11:51:50", "description": "A race condition in nss_ldap, when used in applications that use\npthread and fork after a call to nss_ldap, does not properly handle\nthe LDAP connection, which might cause nss_ldap to return the wrong\nuser data to the wrong process, giving one user access to data\nbelonging to another user, in some cases.\n\nThe updated package has been patched to prevent this issue.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : nss_ldap (MDVSA-2008:049)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:nss_ldap"], "id": "MANDRIVA_MDVSA-2008-049.NASL", "href": "https://www.tenable.com/plugins/nessus/37403", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:049. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37403);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5794\");\n script_bugtraq_id(26452);\n script_xref(name:\"MDVSA\", value:\"2008:049\");\n\n script_name(english:\"Mandriva Linux Security Advisory : nss_ldap (MDVSA-2008:049)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition in nss_ldap, when used in applications that use\npthread and fork after a call to nss_ldap, does not properly handle\nthe LDAP connection, which might cause nss_ldap to return the wrong\nuser data to the wrong process, giving one user access to data\nbelonging to another user, in some cases.\n\nThe updated package hais been patched to prevent this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss_ldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"nss_ldap-250-1.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:52:17", "description": "The remote host is affected by the vulnerability described in GLSA-200711-33\n(nss_ldap: Information disclosure)\n\n Josh Burley reported that nss_ldap does not properly handle the LDAP\n connections due to a race condition that can be triggered by\n multi-threaded applications using nss_ldap, which might lead to\n requested data being returned to a wrong process.\n \nImpact :\n\n Remote attackers could exploit this race condition by sending queries\n to a vulnerable server using nss_ldap, possibly leading to theft of\n user credentials or information disclosure (e.g. 
Dovecot returning\n wrong mailbox contents).\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-11-26T00:00:00", "title": "GLSA-200711-33 : nss_ldap: Information disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5794"], "modified": "2007-11-26T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:nss_ldap"], "id": "GENTOO_GLSA-200711-33.NASL", "href": "https://www.tenable.com/plugins/nessus/28322", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200711-33.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28322);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5794\");\n script_bugtraq_id(26452);\n script_xref(name:\"GLSA\", value:\"200711-33\");\n\n script_name(english:\"GLSA-200711-33 : nss_ldap: Information disclosure\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200711-33\n(nss_ldap: Information disclosure)\n\n Josh Burley reported that nss_ldap does not properly handle the LDAP\n connections due to a race condition that can be triggered by\n multi-threaded applications using nss_ldap, which might lead to\n requested data being returned to a wrong process.\n 
\nImpact :\n\n Remote attackers could exploit this race condition by sending queries\n to a vulnerable server using nss_ldap, possibly leading to theft of\n user credentials or information disclosure (e.g. Dovecot returning\n wrong mailbox contents).\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200711-33\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All nss_ldap users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-auth/nss_ldap-258'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nss_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) 
audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-auth/nss_ldap\", unaffected:make_list(\"ge 258\"), vulnerable:make_list(\"lt 258\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss_ldap\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}