Lucene search
Copyright (C) 2011 Greenbone AGOPENVAS:1361412562310880588HistoryAug 09, 2011 - 12:00 a.m.
CentOS Update for compat-openldap CESA-2010:0542 centos5 i386
2011-08-0900:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
9
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.965 High
EPSS
Percentile
99.6%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2010-July/016817.html");
script_oid("1.3.6.1.4.1.25623.1.0.880588");
script_version("2024-01-23T05:05:19+0000");
script_tag(name:"last_modification", value:"2024-01-23 05:05:19 +0000 (Tue, 23 Jan 2024)");
script_tag(name:"creation_date", value:"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2024-01-21 01:35:00 +0000 (Sun, 21 Jan 2024)");
script_xref(name:"CESA", value:"2010:0542");
script_cve_id("CVE-2010-0211", "CVE-2010-0212");
script_name("CentOS Update for compat-openldap CESA-2010:0542 centos5 i386");
script_tag(name:"summary", value:"The remote host is missing an update for the 'compat-openldap'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 Greenbone AG");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS5");
script_tag(name:"affected", value:"compat-openldap on CentOS 5");
script_tag(name:"insight", value:"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.
Multiple flaws were discovered in the way the slapd daemon handled modify
relative distinguished name (modrdn) requests. An authenticated user with
privileges to perform modrdn operations could use these flaws to crash the
slapd daemon via specially-crafted modrdn requests. (CVE-2010-0211,
CVE-2010-0212)
Red Hat would like to thank CERT-FI for responsibly reporting these flaws,
who credit Ilkka Mattila and Tuomas Salomki for the discovery of the
issues.
Users of OpenLDAP should upgrade to these updated packages, which contain
a backported patch to correct these issues. After installing this update,
the OpenLDAP daemons will be restarted automatically.");
script_tag(name:"solution", value:"Please install the updated packages.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS5")
{
if ((res = isrpmvuln(pkg:"compat-openldap", rpm:"compat-openldap~2.3.43_2.2.29~12.el5_5.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openldap", rpm:"openldap~2.3.43~12.el5_5.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openldap-clients", rpm:"openldap-clients~2.3.43~12.el5_5.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openldap-devel", rpm:"openldap-devel~2.3.43~12.el5_5.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openldap-servers", rpm:"openldap-servers~2.3.43~12.el5_5.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openldap-servers-overlays", rpm:"openldap-servers-overlays~2.3.43~12.el5_5.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"openldap-servers-sql", rpm:"openldap-servers-sql~2.3.43~12.el5_5.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Related
nessus
nessus
Fedora 12 : openldap-2.4.19-6.fc12 (2010-11319)
2010-11-01 00:00:00
openSUSE Security Update : libldap-2_4-2 (openSUSE-SU-2010:0547-1)
2010-08-26 00:00:00
openSUSE Security Update : openldap2 (openSUSE-SU-2010:0427-1)
2010-07-26 00:00:00
openvas
openvas
CentOS Update for compat-openldap CESA-2010:0542 centos5 i386
2011-08-09 00:00:00
Fedora Update for openldap FEDORA-2010-11319
2010-11-16 00:00:00
Ubuntu: Security Advisory (USN-965-1)
2010-08-13 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:142 ] openldap
2010-07-30 00:00:00
OpenLDAP multiple security vulnerabilities
2010-07-30 00:00:00
Apple Mac OS X and QuickTime multiple security vulnerabilities
2013-11-18 00:00:00
ubuntu
ubuntu
OpenLDAP vulnerabilities
2010-08-09 00:00:00
redhat
redhat
(RHSA-2010:0542) Moderate: openldap security update
2010-07-20 00:00:00
(RHSA-2010:0543) Moderate: openldap security update
2010-07-20 00:00:00
(RHSA-2010:0622) Important: rhev-hypervisor security and bug fix update
2010-08-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package openldap2.4 version 2.4.23-alt1
2010-06-30 00:00:00
centos
centos
compat, openldap security update
2010-07-21 22:18:04
compat, openldap security update
2010-07-21 19:15:25
osv
osv
openldap - potential code execution
2010-07-29 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: openldap-2.4.19-6.fc12
2010-10-31 21:33:48
[SECURITY] Fedora 13 Update: openldap-2.4.21-10.fc13
2010-08-23 22:04:44
debian
debian
[SECURITY] [DSA 2077-1] New openldap packages fix potential code execution
2010-07-29 19:08:28
oraclelinux
oraclelinux
openldap security update
2010-07-20 00:00:00
openldap security update
2010-07-20 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenLDAP Modrdn RDN NULL String Denial of Service (CVE-2010-0212)
2010-10-13 00:00:00
OpenLDAP Modrdn RDN UTF-8 String Code Execution (CVE-2010-0211)
2010-10-13 00:00:00
cve
cve
CVE-2010-0212
2010-07-28 12:48:00
CVE-2010-0211
2010-07-28 12:48:00
vmware
vmware
prion
prion
Null pointer dereference
2010-07-28 12:48:00
Double free
2010-07-28 12:48:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:44:09
Denial Of Service (DoS)
2020-04-10 00:44:09
ubuntucve
ubuntucve
CVE-2010-0212
2010-07-28 00:00:00
CVE-2010-0211
2010-07-28 00:00:00
debiancve
debiancve
CVE-2010-0212
2010-07-28 12:48:00
CVE-2010-0211
2010-07-28 12:48:00
gentoo
gentoo
OpenLDAP: Multiple vulnerabilities
2014-06-30 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.965 High
EPSS
Percentile
99.6%
Related for OPENVAS:1361412562310880588