For more information, please visit the referenced security
advisories.
More details may also be found by searching for keyword
5036880 within the SuSE Enterprise Server 9 patch
database at http://download.novell.com/patch/finder/
# OpenVAS Vulnerability Test
# $Id: sles9p5036880.nasl 6666 2017-07-11 13:13:36Z cfischer $
# Description: Security update for OpenLDAP 2
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
# Report text registered further down as this plugin's "summary" tag.
# It lists seven openldap2 packages and the patch keyword 5036880, but it does
# not describe the flaw itself; the CVE id is attached separately through
# script_cve_id() in the description block.
# NOTE(review): the line breaks inside the literal are part of the reported
# text, so the string is left exactly as found.
tag_summary = "The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
openldap2
openldap2-back-ldap
openldap2-back-meta
openldap2-back-monitor
openldap2-back-perl
openldap2-client
openldap2-devel
For more information, please visit the referenced security
advisories.
More details may also be found by searching for keyword
5036880 within the SuSE Enterprise Server 9 patch
database at http://download.novell.com/patch/finder/";
# Remediation text registered further down as the "solution" tag.
tag_solution = "Please install the updates provided by SuSE.";
# Metadata pass: when `description` is set, the script only registers its
# identity, scoring and scheduling requirements and then exits, so no
# package check runs in this branch.
if (description)
{
  # --- Identity and bookkeeping ---
  script_id(65552);
  script_name("SLES9: Security update for OpenLDAP 2");
  script_version("$Revision: 6666 $");
  script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
  script_family("SuSE Local Security Checks");
  script_tag(name:"creation_date", value:"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)");
  script_tag(name:"last_modification", value:"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $");

  # --- Vulnerability reference and scoring ---
  # CVSS v2 vector: network reachable, low complexity, no authentication,
  # availability impact only (A:P), i.e. a denial-of-service class issue.
  script_cve_id("CVE-2008-2952");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"cvss_base", value:"5.0");

  # --- Scheduling ---
  # The check needs the "ssh/login/suse_sles" and "ssh/login/rpms" KB keys.
  # NOTE(review): those keys are presumably filled by gather-package-list.nasl
  # after an authenticated SSH login, so a scan without working credentials
  # yields no result from this plugin; that is not evidence the host is
  # patched.
  script_category(ACT_GATHER_INFO);
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms");

  # --- Report text and result quality ---
  # qod_type "package": the finding rests on an installed-package version
  # comparison, not on probing the running service.
  script_tag(name:"summary", value:tag_summary);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
# Detection pass: compare the installed openldap2 RPM on a SLES9.0 host with
# the reference version-release 2.2.24-4.29 and report when isrpmvuln()
# returns a finding.
# NOTE(review): isrpmvuln() and __pkg_match come from pkg-lib-rpm.inc, which
# is not shown here. Presumably isrpmvuln() returns report text when the
# installed package is older than the reference, and __pkg_match is set when
# the package was found at all. Confirm against the include.
# NOTE(review): tag_summary names seven openldap2 packages, but only
# "openldap2" is compared here. A host where one of the other six lags behind
# would not be flagged by this check.
report = "";

res = isrpmvuln(pkg:"openldap2", rpm:"openldap2~2.2.24~4.29", rls:"SLES9.0");
if (res != NULL) {
  report = report + res;
}

if (report == "") {
  # Nothing to report. exit(99) is used only when a package was actually
  # matched; otherwise the script simply runs off the end.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:65552", "type": "openvas", "bulletinFamily": "scanner", "title": "SLES9: Security update for OpenLDAP 2", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openldap2\n openldap2-back-ldap\n openldap2-back-meta\n openldap2-back-monitor\n openldap2-back-perl\n openldap2-client\n openldap2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5036880 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "modified": "2017-07-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65552", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-2952"], "lastseen": "2017-07-26T08:55:14", "viewCount": 0, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-07-26T08:55:14", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2952"]}, {"type": "ubuntu", "idList": ["USN-634-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870172", "OPENVAS:860722", "OPENVAS:136141256231065951", "OPENVAS:880026", "OPENVAS:870172", "OPENVAS:61772", "OPENVAS:880175", "OPENVAS:1361412562310880026", "OPENVAS:136141256231065552", "OPENVAS:1361412562310830761"]}, {"type": "gentoo", "idList": ["GLSA-200808-09"]}, {"type": "centos", "idList": ["CESA-2008:0583"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0583"]}, {"type": "redhat", "idList": ["RHSA-2008:0583"]}, {"type": "zdi", "idList": ["ZDI-08-052"]}, {"type": "exploitdb", "idList": ["EDB-ID:32000"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9195", "SECURITYVULNS:DOC:20279"]}, {"type": "debian", "idList": 
["DEBIAN:DSA-1650-1:999F2"]}, {"type": "fedora", "idList": ["FEDORA:M633FJJG018319", "FEDORA:M633H3YL018502"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2008-0583.NASL", "SUSE9_12222.NASL", "UBUNTU_USN-634-1.NASL", "SUSE_OPENLDAP2-5511.NASL", "SL_20080709_OPENLDAP_ON_SL4_X.NASL", "FEDORA_2008-6029.NASL", "ORACLELINUX_ELSA-2008-0583.NASL", "SUSE_11_0_OPENLDAP2-080813.NASL", "DEBIAN_DSA-1650.NASL", "FEDORA_2008-6062.NASL"]}], "modified": "2017-07-26T08:55:14", "rev": 2}, "vulnersScore": 6.9}, "pluginID": "65552", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5036880.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for OpenLDAP 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openldap2\n openldap2-back-ldap\n openldap2-back-meta\n openldap2-back-monitor\n openldap2-back-perl\n openldap2-client\n openldap2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5036880 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65552);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2952\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for OpenLDAP 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openldap2\", rpm:\"openldap2~2.2.24~4.29\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "SuSE Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:51:00", "description": "liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.", "edition": 3, "cvss3": {}, "published": "2008-07-01T21:41:00", "title": "CVE-2008-2952", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2952"], "modified": "2018-10-11T20:45:00", "cpe": ["cpe:/a:openldap:openldap:2.3.38", "cpe:/a:openldap:openldap:2.3.39", "cpe:/a:openldap:openldap:2.3.9", "cpe:/a:openldap:openldap:2.3.43", "cpe:/a:openldap:openldap:2.3.30", "cpe:/a:openldap:openldap:2.2.8", "cpe:/a:openldap:openldap:2.2.4", "cpe:/a:openldap:openldap:2.3.13", "cpe:/a:openldap:openldap:2.3.6", "cpe:/a:openldap:openldap:2.3.28", "cpe:/a:openldap:openldap:2.3.20", "cpe:/a:openldap:openldap:2.3.31", "cpe:/a:openldap:openldap:2.3.7", "cpe:/a:openldap:openldap:2.3.17", "cpe:/a:openldap:openldap:2.3.29", "cpe:/a:openldap:openldap:2.2.7", "cpe:/a:openldap:openldap:2.3.41", "cpe:/a:openldap:openldap:2.3.10", "cpe:/a:openldap:openldap:2.3.40", "cpe:/a:openldap:openldap:2.3.16", "cpe:/a:openldap:openldap:2.3.32", "cpe:/a:openldap:openldap:2.3.15", "cpe:/a:openldap:openldap:2.3.11", "cpe:/a:openldap:openldap:2.3.23", "cpe:/a:openldap:openldap:2.3.37", "cpe:/a:openldap:openldap:2.3.25", "cpe:/a:openldap:openldap:2.3.18", "cpe:/a:openldap:openldap:2.3.42", "cpe:/a:openldap:openldap:2.3.12", "cpe:/a:openldap:openldap:2.3.22", 
"cpe:/a:openldap:openldap:2.3.36", "cpe:/a:openldap:openldap:2.3.19", "cpe:/a:openldap:openldap:2.3.14", "cpe:/a:openldap:openldap:2.4.10", "cpe:/a:openldap:openldap:2.3.5", "cpe:/a:openldap:openldap:2.2.9", "cpe:/a:openldap:openldap:2.2.5", "cpe:/a:openldap:openldap:2.3.26", "cpe:/a:openldap:openldap:2.3.27", "cpe:/a:openldap:openldap:2.3.34", "cpe:/a:openldap:openldap:2.3.33", "cpe:/a:openldap:openldap:2.2.6", "cpe:/a:openldap:openldap:2.3.4", "cpe:/a:openldap:openldap:2.3.24", "cpe:/a:openldap:openldap:2.3.21", "cpe:/a:openldap:openldap:2.3.35", "cpe:/a:openldap:openldap:2.3.8"], "id": "CVE-2008-2952", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2952", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openldap:openldap:2.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.41:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.38:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.39:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.22:*:*:*:*:*:*:*", 
"cpe:2.3:a:openldap:openldap:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.33:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.43:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.36:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.42:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.34:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.40:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.2.6:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:24:02", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2952"], "description": "Cameron Hotchkies discovered that OpenLDAP did not correctly handle \ncertain ASN.1 BER data. 
A remote attacker could send a specially crafted \npacket and crash slapd, leading to a denial of service.", "edition": 5, "modified": "2008-08-01T00:00:00", "published": "2008-08-01T00:00:00", "id": "USN-634-1", "href": "https://ubuntu.com/security/notices/USN-634-1", "title": "OpenLDAP vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-27T10:56:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "description": "Check for the Version of openldap", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870172", "href": "http://plugins.openvas.org/nasl.php?oid=870172", "type": "openvas", "title": "RedHat Update for openldap RHSA-2008:0583-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openldap RHSA-2008:0583-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenLDAP is an open source suite of Lightweight Directory Access Protocol\n (LDAP) applications and development tools. LDAP is a set of protocols for\n accessing directory services.\n\n A denial of service flaw was found in the way the OpenLDAP slapd daemon\n processed certain network messages. An unauthenticated remote attacker\n could send a specially crafted request that would crash the slapd daemon.\n (CVE-2008-2952)\n \n Users of openldap should upgrade to these updated packages, which contain a\n backported patch to correct this issue.\";\n\ntag_affected = \"openldap on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-July/msg00009.html\");\n script_id(870172);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0583-01\");\n script_cve_id(\"CVE-2008-2952\");\n script_name( \"RedHat Update for openldap RHSA-2008:0583-01\");\n\n script_summary(\"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.3.27_2.2.29~8.el5_2.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.3.27~8.el5_2.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.3.27~8.el5_2.4\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-debuginfo\", rpm:\"openldap-debuginfo~2.3.27~8.el5_2.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.3.27~8.el5_2.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.3.27~8.el5_2.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.3.27~8.el5_2.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.1.30~8.el4_6.5\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.2.13~8.el4_6.5\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.2.13~8.el4_6.5\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-debuginfo\", rpm:\"openldap-debuginfo~2.2.13~8.el4_6.5\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.2.13~8.el4_6.5\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.2.13~8.el4_6.5\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.2.13~8.el4_6.5\", rls:\"RHENT_4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "description": "Check for the Version of compat-openldap", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880026", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880026", "type": "openvas", "title": "CentOS Update for compat-openldap CESA-2008:0583 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for compat-openldap CESA-2008:0583 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenLDAP is an open source suite of Lightweight Directory Access Protocol\n (LDAP) applications and development tools. 
LDAP is a set of protocols for\n accessing directory services.\n\n A denial of service flaw was found in the way the OpenLDAP slapd daemon\n processed certain network messages. An unauthenticated remote attacker\n could send a specially crafted request that would crash the slapd daemon.\n (CVE-2008-2952)\n \n Users of openldap should upgrade to these updated packages, which contain a\n backported patch to correct this issue.\";\n\ntag_affected = \"compat-openldap on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-July/015108.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880026\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0583\");\n script_cve_id(\"CVE-2008-2952\");\n script_name( \"CentOS Update for compat-openldap CESA-2008:0583 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of compat-openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.1.30~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.2.13~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.2.13~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.2.13~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.2.13~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.2.13~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openldap2\n openldap2-back-meta\n openldap2-back-perl\n openldap2-client\n openldap2-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065951", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065951", "type": "openvas", "title": "SLES10: Security update for OpenLDAP 2", "sourceData": "#\n#VID slesp2-openldap2-5511\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenLDAP 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openldap2\n openldap2-back-meta\n openldap2-back-perl\n openldap2-client\n openldap2-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65951\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-2952\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for OpenLDAP 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openldap2\", rpm:\"openldap2~2.3.32~0.30\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openldap2-back-meta\", rpm:\"openldap2-back-meta~2.3.32~0.30\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openldap2-back-perl\", rpm:\"openldap2-back-perl~2.3.32~0.30\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"openldap2-client\", rpm:\"openldap2-client~2.3.32~0.28\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openldap2-devel\", rpm:\"openldap2-devel~2.3.32~0.28\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "description": "Check for the Version of openldap", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830761", "type": "openvas", "title": "Mandriva Update for openldap MDVSA-2008:144 (openldap)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openldap MDVSA-2008:144 (openldap)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A denial of service vulnerability was discovered in the way\n the OpenLDAP slapd daemon processed certain network messages.\n An unauthenticated remote attacker could send a specially crafted\n request that would crash the slapd daemon (CVE-2008-2952).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"openldap on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00027.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830761\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:144\");\n script_cve_id(\"CVE-2008-2952\");\n script_name( \"Mandriva Update for openldap MDVSA-2008:144 (openldap)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldap2.3_0\", rpm:\"libldap2.3_0~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.3_0-devel\", rpm:\"libldap2.3_0-devel~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.3_0-static-devel\", rpm:\"libldap2.3_0-static-devel~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-doc\", rpm:\"openldap-doc~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-testprogs\", rpm:\"openldap-testprogs~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"openldap-tests\", rpm:\"openldap-tests~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.3_0\", rpm:\"lib64ldap2.3_0~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.3_0-devel\", rpm:\"lib64ldap2.3_0-devel~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.3_0-static-devel\", rpm:\"lib64ldap2.3_0-static-devel~2.3.34~5.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldap2.3_0\", rpm:\"libldap2.3_0~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.3_0-devel\", rpm:\"libldap2.3_0-devel~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.3_0-static-devel\", rpm:\"libldap2.3_0-static-devel~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-doc\", rpm:\"openldap-doc~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-testprogs\", rpm:\"openldap-testprogs~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-tests\", rpm:\"openldap-tests~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.3_0\", rpm:\"lib64ldap2.3_0~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.3_0-devel\", rpm:\"lib64ldap2.3_0-devel~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.3_0-static-devel\", rpm:\"lib64ldap2.3_0-static-devel~2.3.38~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2\", rpm:\"libldap2.4_2~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-devel\", rpm:\"libldap2.4_2-devel~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-static-devel\", rpm:\"libldap2.4_2-static-devel~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-doc\", 
rpm:\"openldap-doc~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-testprogs\", rpm:\"openldap-testprogs~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-tests\", rpm:\"openldap-tests~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2\", rpm:\"lib64ldap2.4_2~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-devel\", rpm:\"lib64ldap2.4_2-devel~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-static-devel\", rpm:\"lib64ldap2.4_2-static-devel~2.4.8~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200808-09.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:61442", "href": "http://plugins.openvas.org/nasl.php?oid=61442", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200808-09 (openldap)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft 
Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw in OpenLDAP allows remote unauthenticated attackers to cause a\nDenial of Service.\";\ntag_solution = \"All OpenLDAP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-nds/openldap-2.3.43'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200808-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=230269\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200808-09.\";\n\n \n\nif(description)\n{\n script_id(61442);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-2952\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200808-09 (openldap)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-nds/openldap\", unaffected: make_list(\"ge 2.3.43\"), vulnerable: make_list(\"lt 2.3.43\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "description": "Check for the Version of compat-openldap", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880026", "href": "http://plugins.openvas.org/nasl.php?oid=880026", "type": "openvas", "title": "CentOS Update for compat-openldap CESA-2008:0583 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for compat-openldap CESA-2008:0583 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenLDAP is an open source suite of Lightweight Directory Access Protocol\n (LDAP) applications and development tools. LDAP is a set of protocols for\n accessing directory services.\n\n A denial of service flaw was found in the way the OpenLDAP slapd daemon\n processed certain network messages. An unauthenticated remote attacker\n could send a specially crafted request that would crash the slapd daemon.\n (CVE-2008-2952)\n \n Users of openldap should upgrade to these updated packages, which contain a\n backported patch to correct this issue.\";\n\ntag_affected = \"compat-openldap on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-July/015108.html\");\n script_id(880026);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0583\");\n script_cve_id(\"CVE-2008-2952\");\n script_name( \"CentOS Update for compat-openldap CESA-2008:0583 centos4 i386\");\n\n script_summary(\"Check for the Version of compat-openldap\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.1.30~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.2.13~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.2.13~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.2.13~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.2.13~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.2.13~8.el4_6.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "description": "The remote host is 
missing an update to openldap2.3\nannounced via advisory DSA 1650-1.", "modified": "2017-07-07T00:00:00", "published": "2008-11-01T00:00:00", "id": "OPENVAS:61772", "href": "http://plugins.openvas.org/nasl.php?oid=61772", "type": "openvas", "title": "Debian Security Advisory DSA 1650-1 (openldap2.3)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1650_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1650-1 (openldap2.3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Cameron Hotchkies discovered that the OpenLDAP server slapd, a free\nimplementation of the Lightweight Directory Access Protocol, could be\ncrashed by sending malformed ASN1 requests.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.3.30-5+etch2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.10-3 of the openldap package.\n\nWe recommend that you upgrade your openldap2.3 packages.\";\ntag_summary = \"The remote host is missing an update to openldap2.3\nannounced via advisory DSA 1650-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201650-1\";\n\n\nif(description)\n{\n script_id(61772);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-01 01:55:10 +0100 (Sat, 01 Nov 2008)\");\n script_cve_id(\"CVE-2008-2952\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1650-1 (openldap2.3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.3.30-5+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap-2.3-0\", ver:\"2.3.30-5+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ldap-utils\", ver:\"2.3.30-5+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "description": "Check for the Version of openldap", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860722", "href": "http://plugins.openvas.org/nasl.php?oid=860722", "type": "openvas", "title": "Fedora Update for openldap FEDORA-2008-6062", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openldap FEDORA-2008-6062\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any 
later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openldap on Fedora 9\";\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools. LDAP is a set of\n protocols for accessing directory services (usually phone book style\n information, but other information is possible) over the Internet,\n similar to the way DNS (Domain Name System) information is propagated\n over the Internet. 
The openldap package contains configuration files,\n libraries, and documentation for OpenLDAP.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00129.html\");\n script_id(860722);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:01:32 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-6062\");\n script_cve_id(\"CVE-2008-2952\");\n script_name( \"Fedora Update for openldap FEDORA-2008-6062\");\n\n script_summary(\"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.8~6.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:41", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "description": "Oracle Linux Local Security Checks ELSA-2008-0583", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122570", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122570", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0583", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0583.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122570\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:48:20 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0583\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0583 - openldap security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0583\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0583.html\");\n script_cve_id(\"CVE-2008-2952\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.3.27_2.2.29~8.el5_2.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.3.27~8.el5_2.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.3.27~8.el5_2.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.3.27~8.el5_2.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.3.27~8.el5_2.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.3.27~8.el5_2.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-04-06T11:37:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openldap2\n openldap2-back-ldap\n openldap2-back-meta\n openldap2-back-monitor\n openldap2-back-perl\n openldap2-client\n openldap2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5036880 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065552", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065552", "type": "openvas", "title": "SLES9: Security update for OpenLDAP 2", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5036880.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for OpenLDAP 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openldap2\n openldap2-back-ldap\n openldap2-back-meta\n openldap2-back-monitor\n openldap2-back-perl\n openldap2-client\n openldap2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5036880 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65552\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2952\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for OpenLDAP 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openldap2\", rpm:\"openldap2~2.2.24~4.29\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:06", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2952"], "description": "### Background\n\nOpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. \n\n### Description\n\nCameron Hotchkies discovered an error within the parsing of ASN.1 BER encoded packets in the \"ber_get_next()\" function in libraries/liblber/io.c. \n\n### Impact\n\nA remote unauthenticated attacker can send a specially crafted ASN.1 BER encoded packet which will trigger the error and cause an \"assert()\", terminating the \"slapd\" daemon. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll OpenLDAP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-nds/openldap-2.3.43\"", "edition": 1, "modified": "2008-08-08T00:00:00", "published": "2008-08-08T00:00:00", "id": "GLSA-200808-09", "href": "https://security.gentoo.org/glsa/200808-09", "type": "gentoo", "title": "OpenLDAP: Denial of Service vulnerability", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2020-07-17T03:29:46", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2952"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0583\n\n\nOpenLDAP is an open source suite of Lightweight Directory Access Protocol\n(LDAP) applications and development tools. LDAP is a set of protocols for\naccessing directory services.\n\nA denial of service flaw was found in the way the OpenLDAP slapd daemon\nprocessed certain network messages. An unauthenticated remote attacker\ncould send a specially crafted request that would crash the slapd daemon.\n(CVE-2008-2952)\n\nUsers of openldap should upgrade to these updated packages, which contain a\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027132.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027135.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027138.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027139.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027146.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/027147.html\n\n**Affected packages:**\ncompat-openldap\nopenldap\nopenldap-clients\nopenldap-devel\nopenldap-servers\nopenldap-servers-sql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0583.html", "edition": 6, "modified": "2008-07-13T11:52:40", "published": "2008-07-09T16:17:29", 
"href": "http://lists.centos.org/pipermail/centos-announce/2008-July/027132.html", "id": "CESA-2008:0583", "title": "compat, openldap security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2952"], "description": "[2.3.27-8.4]\n- fix CVE-2008-2952 (#453639)", "edition": 4, "modified": "2008-07-09T00:00:00", "published": "2008-07-09T00:00:00", "id": "ELSA-2008-0583", "href": "http://linux.oracle.com/errata/ELSA-2008-0583.html", "title": "openldap security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:44", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2952"], "description": "OpenLDAP is an open source suite of Lightweight Directory Access Protocol\n(LDAP) applications and development tools. LDAP is a set of protocols for\naccessing directory services.\n\nA denial of service flaw was found in the way the OpenLDAP slapd daemon\nprocessed certain network messages. An unauthenticated remote attacker\ncould send a specially crafted request that would crash the slapd daemon.\n(CVE-2008-2952)\n\nUsers of openldap should upgrade to these updated packages, which contain a\nbackported patch to correct this issue.", "modified": "2017-09-08T11:59:42", "published": "2008-07-09T04:00:00", "id": "RHSA-2008:0583", "href": "https://access.redhat.com/errata/RHSA-2008:0583", "type": "redhat", "title": "(RHSA-2008:0583) Important: openldap security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "zdi": [{"lastseen": "2020-06-22T11:40:26", "bulletinFamily": "info", "cvelist": ["CVE-2008-2952"], "edition": 3, "description": "This vulnerability allows remote attackers to deny services on vulnerable installations of OpenLDAP. Authentication is not required to exploit this vulnerability. 
The specific flaw exists in the decoding of ASN.1 BER network datagrams. When the size of a BerElement is specified incorrectly, the application will trigger an assert(), leading to abnormal program termination.", "modified": "2008-06-22T00:00:00", "published": "2008-08-14T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-08-052/", "id": "ZDI-08-052", "title": "OpenLDAP BER Decoding Remote DoS Vulnerability", "type": "zdi", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T15:57:31", "description": "OpenLDAP 2.3.41 BER Decoding Remote Denial of Service Vulnerability. CVE-2008-2952. Dos exploit for linux platform", "published": "2008-06-30T00:00:00", "type": "exploitdb", "title": "OpenLDAP <= 2.3.41 BER Decoding Remote Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2952"], "modified": "2008-06-30T00:00:00", "id": "EDB-ID:32000", "href": "https://www.exploit-db.com/exploits/32000/", "sourceData": "source: http://www.securityfocus.com/bid/30013/info\r\n\r\nOpenLDAP is prone to a remote denial-of-service vulnerability.\r\n\r\nAttackers can exploit this issue to deny service to legitimate users by crashing affected servers.\r\n\r\nOpenLDAP 2.3.41 is vulnerable to this issue; earlier versions back to approximately 2.1.18 as well as newer versions may also be affected.\r\n\r\nslapd -h ldap:// -d511 &\r\nperl -e 'print \"\\xff\\xff\\xff\\x00\\x84\\x41\\x42\\x43\\x44\"' | nc localhost 389 ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/32000/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:30", "bulletinFamily": "software", "cvelist": ["CVE-2008-2952"], "description": "Crash on ASN.1 BER data processing.", "edition": 1, "modified": "2008-08-03T00:00:00", "published": "2008-08-03T00:00:00", "id": "SECURITYVULNS:VULN:9195", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:VULN:9195", "title": "OpenLDAP slapd DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:27", "bulletinFamily": "software", "cvelist": ["CVE-2008-2952"], "description": "=========================================================== \r\nUbuntu Security Notice USN-634-1 August 01, 2008\r\nopenldap2.2, openldap2.3 vulnerability\r\nCVE-2008-2952\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 7.04\r\nUbuntu 7.10\r\nUbuntu 8.04 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n slapd 2.2.26-5ubuntu2.8\r\n\r\nUbuntu 7.04:\r\n slapd 2.3.30-2ubuntu0.3\r\n\r\nUbuntu 7.10:\r\n slapd 2.3.35-1ubuntu0.3\r\n\r\nUbuntu 8.04 LTS:\r\n slapd 2.4.9-0ubuntu0.8.04.1\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nCameron Hotchkies discovered that OpenLDAP did not correctly handle\r\ncertain ASN.1 BER data. 
A remote attacker could send a specially crafted\r\npacket and crash slapd, leading to a denial of service.\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.8.diff.gz\r\n Size/MD5: 514393 4f9e265da3b3862538e819f77e2e3586\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.8.dsc\r\n Size/MD5: 1058 b22c78f0d48cc36e948b54e3af20edfd\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz\r\n Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.8_amd64.deb\r\n Size/MD5: 130764 97be6915cd08b18f1cebd0278fdb6cbd\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.8_amd64.deb\r\n Size/MD5: 166234 f033393ec3c64058c9a330f3ff8f3ffd\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.8_amd64.deb\r\n Size/MD5: 961898 d2a6a9b40ae45ee16f07081caf554e1f\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.8_i386.deb\r\n Size/MD5: 118560 6e725d3528b0fbf7603ffaca188fd058\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.8_i386.deb\r\n Size/MD5: 146330 c385cbad49d21de849f6deb69a3f24df\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.8_i386.deb\r\n Size/MD5: 873280 e2c56f6d1a5a372b90c416d4270a9136\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.8_powerpc.deb\r\n Size/MD5: 132924 3f6561c503b4aba5bdd7380ca16a9233\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.8_powerpc.deb\r\n Size/MD5: 157382 6b375c5e1da604ff063770a1bacdf9ae\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.8_powerpc.deb\r\n Size/MD5: 959922 18f40de968f784c06595986dc90ac2ba\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.8_sparc.deb\r\n Size/MD5: 120868 e36bb816e65f673852040cbdc9e99fb8\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.8_sparc.deb\r\n Size/MD5: 148406 5ee83d9e8ab2b6a7e43d4486ef4495fd\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.8_sparc.deb\r\n Size/MD5: 903834 7fd3a71e6dfdfd629d15f1484eface61\r\n\r\nUpdated packages for Ubuntu 7.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.30-2ubuntu0.3.diff.gz\r\n Size/MD5: 139053 aaea5b917bae9e40a49389eb18ee6b0b\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.30-2ubuntu0.3.dsc\r\n Size/MD5: 1333 4bf113a4b679696671b740e0602c0d0c\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz\r\n Size/MD5: 2971126 c40bcc23fa65908b8d7a86a4a6061251\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.3_amd64.deb\r\n Size/MD5: 187762 3daa694023d35e8d1d5906531f77184e\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.3_amd64.deb\r\n Size/MD5: 292432 5e91f231274471465056dab7ac915579\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.3_amd64.deb\r\n Size/MD5: 1228150 2f5c3cff26ded73113db5c3ae9da2c81\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.3_i386.deb\r\n Size/MD5: 156182 d70e186bfda981a71eee3c23b97c92c8\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.3_i386.deb\r\n Size/MD5: 267618 9d188f962935c72538564fe57dded98f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.3_i386.deb\r\n Size/MD5: 1154914 83d7c5c110c5341d3d611dc9fad7cd47\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.3_powerpc.deb\r\n Size/MD5: 203784 f2bc7da688b35227c7f3f8fa171fc504\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.3_powerpc.deb\r\n Size/MD5: 294528 e22c51734656e016714aa23ac0822257\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.3_powerpc.deb\r\n Size/MD5: 1280558 b6ada4c71ffb98a27638af78f2aa945f\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.3_sparc.deb\r\n Size/MD5: 164516 441e58de64bed972d60fbba28e855d7b\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.3_sparc.deb\r\n Size/MD5: 264402 1f166e5072bfcf4059caf05e783e5fb4\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.3_sparc.deb\r\n Size/MD5: 1170022 c140469dc080ee8278d3ecdc235831d6\r\n\r\nUpdated packages for Ubuntu 7.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.35-1ubuntu0.3.diff.gz\r\n Size/MD5: 151991 51ff8eebcede1f6fad3e31a2614e79d5\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.35-1ubuntu0.3.dsc\r\n Size/MD5: 1343 9b21ec600b40a024bb1f7de69a9e95fb\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.35.orig.tar.gz\r\n Size/MD5: 2947629 
5096146b7a7eb6ce3b0a97549347b5be\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.3_amd64.deb\r\n Size/MD5: 190088 5325d5369407eb873c98ee7f41615fde\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.3_amd64.deb\r\n Size/MD5: 347238 74514bf63a843d67b3d0910e75709490\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.3_amd64.deb\r\n Size/MD5: 1296502 6a572fccaab720d0e48c047e622dbb54\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.3_i386.deb\r\n Size/MD5: 155520 59776c8fa4c5860f7f6156d8b4914c5f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.3_i386.deb\r\n Size/MD5: 314742 28a30e5baa754d2ae38af9b4ffbce9de\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.3_i386.deb\r\n Size/MD5: 1216458 2c90d198d1d43e88d7588abe53293c71\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.3_lpia.deb\r\n Size/MD5: 154744 8ad5d3c9c3560d8fea8fae38d8d75767\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.3_lpia.deb\r\n Size/MD5: 307278 18d45b49ce6400456015193e6cf600fb\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.3_lpia.deb\r\n Size/MD5: 1211812 783b0db2a54143566988d54cf1a4dcbe\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.3_powerpc.deb\r\n Size/MD5: 205302 c623bf368b4109c62e90e373b9afe23f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.3_powerpc.deb\r\n Size/MD5: 345962 f8c94186487abe14abd758cb55fec8b1\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.3_powerpc.deb\r\n Size/MD5: 1345648 cd8ea44a87c657b0ee27e182ff60fba2\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.3_sparc.deb\r\n Size/MD5: 166528 8bece260d735957a9aae4974419a8e46\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.3_sparc.deb\r\n Size/MD5: 306968 e7cdab9c3df1f7356132f47715e922ed\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.3_sparc.deb\r\n Size/MD5: 1229088 f513afe9b2301f2d6832b1ab1c890581\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.4.9-0ubuntu0.8.04.1.diff.gz\r\n Size/MD5: 144671 58f945638d8a393778cb4df222717edb\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.4.9-0ubuntu0.8.04.1.dsc\r\n Size/MD5: 1547 c6a52c38b25a2f9d5c601c16f178a049\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.4.9.orig.tar.gz\r\n Size/MD5: 3694611 3c0b5ae3d45f5675e67aaf81ce7decc9\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.4.9-0ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 266934 6e5418f9691e9d706dca198030a16cbe\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.4-2-dbg_2.4.9-0ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 292184 86aa494fc2b80820183d32b044d16b5f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.4-2_2.4.9-0ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 197958 090e06973eba26a1cff8e60a7f42a16c\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap2-dev_2.4.9-0ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 868394 a5d7acae075d2c0826e0413272d018ad\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd-dbg_2.4.9-0ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 3614964 3c49f3a956ad5db0ccf792d9b8d36dd1\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.4.9-0ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 1448036 808090c707d68dc9d9901a1c980b3f21\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.4.9-0ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 245424 9219d82631dbe22fa6145206cbe85a98\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.4-2-dbg_2.4.9-0ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 282694 39a3b506f3ee6d8c097dd7d56dcadec3\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.4-2_2.4.9-0ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 182138 cfc345ff59b93219e75ab3eb90b959e7\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap2-dev_2.4.9-0ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 777646 4ce598932a7b6e36fee72664d31b77d3\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd-dbg_2.4.9-0ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 3533272 002c831a1311521e015324200bb25c88\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.4.9-0ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 1354600 ebfd92f0ebc07663e5bdad585efe8259\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/ldap-utils_2.4.9-0ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 246620 c573b1d987fd0b0f1d6e78b3fdd55e2d\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/libldap-2.4-2-dbg_2.4.9-0ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 285252 21e10a90681897f42e73c2d75891a829\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/libldap-2.4-2_2.4.9-0ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 177840 beaddaca16ab416eb8b7213c8f7f21db\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/libldap2-dev_2.4.9-0ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 779066 8ad40229d8403ab67b89fffa5a5838d4\r\n 
http://ports.ubuntu.com/pool/main/o/openldap2.3/slapd-dbg_2.4.9-0ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 3565372 471469186a53293b1ca37ae98214182d\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/slapd_2.4.9-0ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 1348534 7db3b6e67624f788898871bcdf4748ed\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/ldap-utils_2.4.9-0ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 286564 9fdfd981184b736acf1ce3f23546fa8d\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/libldap-2.4-2-dbg_2.4.9-0ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 288262 2b41a700b9c68003a64552d5878db89e\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/libldap-2.4-2_2.4.9-0ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 192710 6f49c29d5c5a0d9057bceb5e3ae56096\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/libldap2-dev_2.4.9-0ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 897520 ec87b7bb590ea7960f11d40820c10c4e\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/slapd-dbg_2.4.9-0ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 3670418 eba5c8dae9d82d03e92dbc84580f06a2\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/slapd_2.4.9-0ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 1494264 8f0cf97e665d58b769f83d542c56acf4\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/ldap-utils_2.4.9-0ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 248502 d4fbd44307a9920c36d2a6f9df7c1bcf\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/libldap-2.4-2-dbg_2.4.9-0ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 259242 a6743c6dd9c4409a13081c5ee035ddfd\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/libldap-2.4-2_2.4.9-0ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 178744 c92678408505baa4a7746140905a66b7\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/libldap2-dev_2.4.9-0ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 767462 b9432320d29b5c5d1eb6b1e7541561c8\r\n 
http://ports.ubuntu.com/pool/main/o/openldap2.3/slapd-dbg_2.4.9-0ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 3484818 ff70b240ab888a27628e3b3c3812e335\r\n http://ports.ubuntu.com/pool/main/o/openldap2.3/slapd_2.4.9-0ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 1349498 66253c6ffd2cb831c24b9713c3edcc87\r\n", "edition": 1, "modified": "2008-08-03T00:00:00", "published": "2008-08-03T00:00:00", "id": "SECURITYVULNS:DOC:20279", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20279", "title": "[USN-634-1] OpenLDAP vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:21:43", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2952"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1650-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 12, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : openldap2.3\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-2952\nDebian Bug : 488710\n\nCameron Hotchkies discovered that the OpenLDAP server slapd, a free\nimplementation of the Lightweight Directory Access Protocol, could be\ncrashed by sending malformed ASN1 requests.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.3.30-5+etch2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.10-3 of the openldap package.\n\nWe recommend that you upgrade your openldap2.3 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n 
will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz\n Size/MD5 checksum: 2971126 c40bcc23fa65908b8d7a86a4a6061251\n http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch2.diff.gz\n Size/MD5 checksum: 311809 22b5eafd6a8e6375ffe3fec5533a1d5d\n http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch2.dsc\n Size/MD5 checksum: 1205 d266aa1b763c9f0d91f7b062bfb65c86\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_alpha.deb\n Size/MD5 checksum: 1280050 180958ccc394210e2b04ac1c532118cd\n http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_alpha.deb\n Size/MD5 checksum: 292722 cb1433274dce06173ea7e97051863c2b\n http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_alpha.deb\n Size/MD5 checksum: 193424 61f779bea372ee467a4691e219547c21\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_amd64.deb\n Size/MD5 checksum: 1244538 37c9d1aba2a53ff6562678a25b6147ef\n http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_amd64.deb\n Size/MD5 checksum: 285314 a81dd9a9a2d661d95897ca71d5a68527\n http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_amd64.deb\n Size/MD5 checksum: 184558 e22fd11d64bad96ad7a5c6a76f69c872\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_arm.deb\n Size/MD5 checksum: 254636 
1537a42a4c76d3c40feb4e35adf10abc\n http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_arm.deb\n Size/MD5 checksum: 141986 fbda3408d6b35a34cd43875ee39c038a\n http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_arm.deb\n Size/MD5 checksum: 1188920 b556015d8462a5eff9e5c00cf65658ff\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_hppa.deb\n Size/MD5 checksum: 292550 a99048fa9bbf6e524a9854c7874481b3\n http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_hppa.deb\n Size/MD5 checksum: 1304974 8a352883c7359d68ac65bef523c8c37d\n http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_hppa.deb\n Size/MD5 checksum: 176956 dc8668a17000f0b6c6993dca2aed517a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_i386.deb\n Size/MD5 checksum: 266054 84bb5bde130cbc49cce8654fbbf145ed\n http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_i386.deb\n Size/MD5 checksum: 154168 a73aa2fe4c60f7c74dfb7586ad7e9274\n http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_i386.deb\n Size/MD5 checksum: 1174324 e23a1aa2d33eccb2af662fbe4e5b9f6d\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_ia64.deb\n Size/MD5 checksum: 1660820 2cd17aac1591b7f6dbc8ad9806ad7821\n http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_ia64.deb\n Size/MD5 checksum: 379572 112ff502ca043d71907f05ad316aaa0b\n http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_ia64.deb\n Size/MD5 checksum: 239140 db04191db37a5bf2dec66f115803ed70\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_mips.deb\n 
Size/MD5 checksum: 1205670 2eae08b5aa3717fa050f24831870a835\n http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_mips.deb\n Size/MD5 checksum: 185522 9cb2d778a25d6c904bd84abbbc89fddd\n http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_mips.deb\n Size/MD5 checksum: 258028 4cd6d9a297dc6447e4f8ffb91d1ddddc\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_mipsel.deb\n Size/MD5 checksum: 1188250 7fa6e8454be9cc2b5619fd05c088e666\n http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_mipsel.deb\n Size/MD5 checksum: 258632 369f2d0a5adc823edf8c8dcc7de8a34a\n http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_mipsel.deb\n Size/MD5 checksum: 186796 9c611e11a90f62302cab63f0561d0d1d\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_powerpc.deb\n Size/MD5 checksum: 1243660 2a68e3d27c0238061fdf2aa841befa23\n http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_powerpc.deb\n Size/MD5 checksum: 188790 d274c287d39d1a75bb4b6474ac1c6f34\n http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_powerpc.deb\n Size/MD5 checksum: 272242 896e4fe8de21568e3251f8060c58b145\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_s390.deb\n Size/MD5 checksum: 168388 66e6090f492708f524b83e990857cf83\n http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_s390.deb\n Size/MD5 checksum: 1240878 8b841b579a2ed5f7c990e5ffbcf76847\n http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_s390.deb\n Size/MD5 checksum: 291518 c49e29b487788b2d5a2025cedacf5ee6\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n 
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_sparc.deb\n Size/MD5 checksum: 155004 ec1fc16d622ec4b1ecf2e2ca8b12d398\n http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_sparc.deb\n Size/MD5 checksum: 256832 0fd6fcf2e1a0a54917c21009df1172f7\n http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_sparc.deb\n Size/MD5 checksum: 1167556 0e95399858cd08f38c143e57c25c3db0\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2008-10-12T09:36:06", "published": "2008-10-12T09:36:06", "id": "DEBIAN:DSA-1650-1:999F2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00242.html", "title": "[SECURITY] [DSA 1650-1] New openldap2.3 packags fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2952"], "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. 
", "modified": "2008-07-03T03:17:22", "published": "2008-07-03T03:17:22", "id": "FEDORA:M633H3YL018502", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: openldap-2.4.8-6.fc9", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0658", "CVE-2008-2952"], "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. ", "modified": "2008-07-03T03:15:35", "published": "2008-07-03T03:15:35", "id": "FEDORA:M633FJJG018319", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: openldap-2.3.39-4.fc8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T05:50:21", "description": "This update fixes a security problem in the liblber client library of\nopenldap that allowed remote attackers to cause a denial of service\n(program termination) via crafted ASN.1 BER datagrams, which triggers\nan assertion error. 
(CVE-2008-2952) Additionally a bug was fixed in\nldap_free_connection which could result in client crashes when the\nserver closed a connection while an operation is active.", "edition": 22, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12222)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12222.NASL", "href": "https://www.tenable.com/plugins/nessus/41232", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41232);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:31\");\n\n script_cve_id(\"CVE-2008-2952\");\n\n script_name(english:\"SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12222)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a security problem in the liblber client library of\nopenldap that allowed remote attackers to cause a denial of service\n(program termination) via crafted ASN.1 BER datagrams, which triggers\nan assertion error. 
(CVE-2008-2952) Additionally a bug was fixed in\nldap_free_connection which could result in client crashes when the\nserver closed a connection while an operation is active.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2952.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12222.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-2.2.24-4.29\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-back-ldap-2.2.24-4.29\")) 
flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-back-meta-2.2.24-4.29\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-back-monitor-2.2.24-4.29\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-back-perl-2.2.24-4.29\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-client-2.2.24-4.29\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openldap2-devel-2.2.24-4.29\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"openldap2-client-32bit-9-200808130009\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"openldap2-devel-32bit-9-200808130009\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T04:35:31", "description": "From Red Hat Security Advisory 2008:0583 :\n\nUpdated openldap packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of Lightweight Directory Access\nProtocol (LDAP) applications and development tools. LDAP is a set of\nprotocols for accessing directory services.\n\nA denial of service flaw was found in the way the OpenLDAP slapd\ndaemon processed certain network messages. An unauthenticated remote\nattacker could send a specially crafted request that would crash the\nslapd daemon. 
(CVE-2008-2952)\n\nUsers of openldap should upgrade to these updated packages, which\ncontain a backported patch to correct this issue.", "edition": 23, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : openldap (ELSA-2008-0583)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openldap", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:openldap-servers", "p-cpe:/a:oracle:linux:openldap-clients", "p-cpe:/a:oracle:linux:openldap-devel", "p-cpe:/a:oracle:linux:openldap-servers-sql", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:compat-openldap"], "id": "ORACLELINUX_ELSA-2008-0583.NASL", "href": "https://www.tenable.com/plugins/nessus/67724", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0583 and \n# Oracle Linux Security Advisory ELSA-2008-0583 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67724);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:07\");\n\n script_cve_id(\"CVE-2008-2952\");\n script_bugtraq_id(30013);\n script_xref(name:\"RHSA\", value:\"2008:0583\");\n\n script_name(english:\"Oracle Linux 4 / 5 : openldap (ELSA-2008-0583)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0583 :\n\nUpdated openldap packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of Lightweight Directory Access\nProtocol 
(LDAP) applications and development tools. LDAP is a set of\nprotocols for accessing directory services.\n\nA denial of service flaw was found in the way the OpenLDAP slapd\ndaemon processed certain network messages. An unauthenticated remote\nattacker could send a specially crafted request that would crash the\nslapd daemon. (CVE-2008-2952)\n\nUsers of openldap should upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-July/000672.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-July/000673.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2008/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"compat-openldap-2.1.30-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openldap-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openldap-clients-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openldap-devel-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openldap-servers-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"openldap-servers-sql-2.2.13-8.el4_6.5\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"compat-openldap-2.3.27_2.2.29-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-clients-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-devel-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-servers-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-servers-sql-2.3.27-8.el5_2.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:52:24", "description": "The remote host 
is affected by the vulnerability described in GLSA-200808-09\n(OpenLDAP: Denial of Service vulnerability)\n\n Cameron Hotchkies discovered an error within the parsing of ASN.1 BER\n encoded packets in the 'ber_get_next()' function in\n libraries/liblber/io.c.\n \nImpact :\n\n A remote unauthenticated attacker can send a specially crafted ASN.1\n BER encoded packet which will trigger the error and cause an\n 'assert()', terminating the 'slapd' daemon.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2008-08-10T00:00:00", "title": "GLSA-200808-09 : OpenLDAP: Denial of Service vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "modified": "2008-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:openldap"], "id": "GENTOO_GLSA-200808-09.NASL", "href": "https://www.tenable.com/plugins/nessus/33855", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200808-09.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33855);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2952\");\n script_xref(name:\"GLSA\", value:\"200808-09\");\n\n script_name(english:\"GLSA-200808-09 : OpenLDAP: Denial of Service vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200808-09\n(OpenLDAP: Denial of Service vulnerability)\n\n Cameron Hotchkies discovered an error within the parsing of ASN.1 BER\n encoded packets in the 'ber_get_next()' function in\n libraries/liblber/io.c.\n \nImpact :\n\n A remote unauthenticated attacker can send a specially crafted ASN.1\n BER encoded packet which will trigger the error and cause an\n 'assert()', terminating the 'slapd' daemon.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200808-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenLDAP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-nds/openldap-2.3.43'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2008/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-nds/openldap\", unaffected:make_list(\"ge 2.3.43\"), vulnerable:make_list(\"lt 2.3.43\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenLDAP\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:35", "description": "This update fixes CVE-2008-2952 - remote unauthenticated slapd DoS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-07-08T00:00:00", "title": "Fedora 8 : openldap-2.3.39-4.fc8 (2008-6029)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "modified": "2008-07-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openldap", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-6029.NASL", "href": "https://www.tenable.com/plugins/nessus/33407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-6029.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33407);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2952\");\n script_bugtraq_id(30013);\n script_xref(name:\"FEDORA\", value:\"2008-6029\");\n\n script_name(english:\"Fedora 8 : openldap-2.3.39-4.fc8 (2008-6029)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2008-2952 - remote unauthenticated slapd DoS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=453444\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/011989.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f3644c1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"openldap-2.3.39-4.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:32:59", "description": "A denial of service flaw was found in the way the OpenLDAP slapd\ndaemon processed certain network messages. An unauthenticated remote\nattacker could send a specially crafted request that would crash the\nslapd daemon. 
(CVE-2008-2952)", "edition": 23, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "modified": "2021-01-02T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080709_OPENLDAP_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60436", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60436);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:17\");\n\n script_cve_id(\"CVE-2008-2952\");\n\n script_name(english:\"Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the way the OpenLDAP slapd\ndaemon processed certain network messages. An unauthenticated remote\nattacker could send a specially crafted request that would crash the\nslapd daemon. 
(CVE-2008-2952)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&P=678\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a06f56b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"compat-openldap-2.1.30-8.el4_6.5\")) flag++;\nif 
(rpm_check(release:\"SL4\", reference:\"openldap-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openldap-clients-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openldap-devel-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openldap-servers-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openldap-servers-sql-2.2.13-8.el4_6.5\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"compat-openldap-2.3.27_2.2.29-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-clients-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-devel-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-servers-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openldap-servers-sql-2.3.27-8.el5_2.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:25:22", "description": "Updated openldap packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of Lightweight Directory Access\nProtocol (LDAP) applications and development tools. LDAP is a set of\nprotocols for accessing directory services.\n\nA denial of service flaw was found in the way the OpenLDAP slapd\ndaemon processed certain network messages. An unauthenticated remote\nattacker could send a specially crafted request that would crash the\nslapd daemon. 
(CVE-2008-2952)\n\nUsers of openldap should upgrade to these updated packages, which\ncontain a backported patch to correct this issue.", "edition": 26, "published": "2008-07-15T00:00:00", "title": "CentOS 4 / 5 : openldap (CESA-2008:0583)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "modified": "2008-07-15T00:00:00", "cpe": ["p-cpe:/a:centos:centos:compat-openldap", "p-cpe:/a:centos:centos:openldap", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:openldap-servers-sql", "p-cpe:/a:centos:centos:openldap-servers", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:openldap-devel", "p-cpe:/a:centos:centos:openldap-clients"], "id": "CENTOS_RHSA-2008-0583.NASL", "href": "https://www.tenable.com/plugins/nessus/33490", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0583 and \n# CentOS Errata and Security Advisory 2008:0583 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33490);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2952\");\n script_bugtraq_id(30013);\n script_xref(name:\"RHSA\", value:\"2008:0583\");\n\n script_name(english:\"CentOS 4 / 5 : openldap (CESA-2008:0583)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of Lightweight Directory 
Access\nProtocol (LDAP) applications and development tools. LDAP is a set of\nprotocols for accessing directory services.\n\nA denial of service flaw was found in the way the OpenLDAP slapd\ndaemon processed certain network messages. An unauthenticated remote\nattacker could send a specially crafted request that would crash the\nslapd daemon. (CVE-2008-2952)\n\nUsers of openldap should upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015094.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f89aee54\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015100.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b2f53bc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015101.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bdddcee9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?248c6f17\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c46cea41\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:compat-openldap\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"compat-openldap-2.1.30-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"compat-openldap-2.1.30-8.c4.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"compat-openldap-2.1.30-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openldap-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openldap-2.2.13-8.c4.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openldap-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openldap-clients-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openldap-clients-2.2.13-8.c4.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openldap-clients-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openldap-devel-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openldap-devel-2.2.13-8.c4.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openldap-devel-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openldap-servers-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openldap-servers-2.2.13-8.c4.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", 
reference:\"openldap-servers-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openldap-servers-sql-2.2.13-8.el4_6.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openldap-servers-sql-2.2.13-8.c4.5\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openldap-servers-sql-2.2.13-8.el4_6.5\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"compat-openldap-2.3.27_2.2.29-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openldap-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openldap-clients-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openldap-devel-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openldap-servers-2.3.27-8.el5_2.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openldap-servers-sql-2.3.27-8.el5_2.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:35", "description": "This update fixes CVE-2008-2952 - remote unauthenticated slapd DoS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-07-08T00:00:00", "title": "Fedora 9 : openldap-2.4.8-6.fc9 (2008-6062)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "modified": "2008-07-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openldap", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-6062.NASL", "href": "https://www.tenable.com/plugins/nessus/33412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-6062.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33412);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2952\");\n script_bugtraq_id(30013);\n script_xref(name:\"FEDORA\", value:\"2008-6062\");\n\n script_name(english:\"Fedora 9 : openldap-2.4.8-6.fc9 (2008-6062)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2008-2952 - remote unauthenticated slapd DoS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=453444\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/012009.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b28581cd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"openldap-2.4.8-6.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T06:32:56", "description": "This update fixes a security problem in the liblber client library of\nopenldap that allowed remote attackers to cause a denial of service\n(program termination) via crafted ASN.1 BER datagrams, which triggers\nan assertion error. 
(CVE-2008-2952) Additionally a bug was fixed in\nldap_free_connection which could result in client crashes when the\nserver closed a connection while an operation is active.", "edition": 22, "published": "2008-10-17T00:00:00", "title": "SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 5511)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENLDAP2-5511.NASL", "href": "https://www.tenable.com/plugins/nessus/34441", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34441);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-2952\");\n\n script_name(english:\"SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 5511)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a security problem in the liblber client library of\nopenldap that allowed remote attackers to cause a denial of service\n(program termination) via crafted ASN.1 BER datagrams, which triggers\nan assertion error. 
(CVE-2008-2952) Additionally a bug was fixed in\nldap_free_connection which could result in client crashes when the\nserver closed a connection while an operation is active.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2952.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5511.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"openldap2-2.3.32-0.25.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, 
reference:\"openldap2-client-2.3.32-0.23.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"openldap2-devel-2.3.32-0.23.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"openldap2-client-32bit-2.3.32-0.23.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"openldap2-devel-32bit-2.3.32-0.23.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"openldap2-2.3.32-0.30\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"openldap2-client-2.3.32-0.28\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"openldap2-devel-2.3.32-0.28\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"openldap2-client-32bit-2.3.32-0.28\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"openldap2-devel-32bit-2.3.32-0.28\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"openldap2-2.3.32-0.25.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"openldap2-back-meta-2.3.32-0.25.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"openldap2-back-perl-2.3.32-0.25.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"openldap2-client-2.3.32-0.23.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"openldap2-devel-2.3.32-0.23.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"openldap2-client-32bit-2.3.32-0.23.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"openldap2-devel-32bit-2.3.32-0.23.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"openldap2-2.3.32-0.30\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"openldap2-back-meta-2.3.32-0.30\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"openldap2-back-perl-2.3.32-0.30\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"openldap2-client-2.3.32-0.28\")) flag++;\nif 
(rpm_check(release:\"SLES10\", sp:2, reference:\"openldap2-devel-2.3.32-0.28\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"openldap2-client-32bit-2.3.32-0.28\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"openldap2-devel-32bit-2.3.32-0.28\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T06:56:40", "description": "Cameron Hotchkies discovered that OpenLDAP did not correctly handle\ncertain ASN.1 BER data. A remote attacker could send a specially\ncrafted packet and crash slapd, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-08-04T00:00:00", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : openldap2.2, openldap2.3 vulnerability (USN-634-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:libldap2-dev", "p-cpe:/a:canonical:ubuntu_linux:ldap-utils", "p-cpe:/a:canonical:ubuntu_linux:libldap-2.3-0", "p-cpe:/a:canonical:ubuntu_linux:libldap-2.4-2-dbg", "p-cpe:/a:canonical:ubuntu_linux:slapd-dbg", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:slapd", "p-cpe:/a:canonical:ubuntu_linux:libldap-2.4-2", "p-cpe:/a:canonical:ubuntu_linux:libldap-2.2-7", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-634-1.NASL", "href": "https://www.tenable.com/plugins/nessus/33809", "sourceData": 
"#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-634-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33809);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:33:02\");\n\n script_cve_id(\"CVE-2008-2952\");\n script_xref(name:\"USN\", value:\"634-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : openldap2.2, openldap2.3 vulnerability (USN-634-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Cameron Hotchkies discovered that OpenLDAP did not correctly handle\ncertain ASN.1 BER data. A remote attacker could send a specially\ncrafted packet and crash slapd, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/634-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ldap-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap-2.2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap-2.3-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap-2.4-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap-2.4-2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:slapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:slapd-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. 
/ NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ldap-utils\", pkgver:\"2.2.26-5ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libldap-2.2-7\", pkgver:\"2.2.26-5ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"slapd\", pkgver:\"2.2.26-5ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"ldap-utils\", pkgver:\"2.3.30-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libldap-2.3-0\", pkgver:\"2.3.30-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"slapd\", pkgver:\"2.3.30-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ldap-utils\", pkgver:\"2.3.35-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libldap-2.3-0\", pkgver:\"2.3.35-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"slapd\", pkgver:\"2.3.35-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ldap-utils\", 
pkgver:\"2.4.9-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libldap-2.4-2\", pkgver:\"2.4.9-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libldap-2.4-2-dbg\", pkgver:\"2.4.9-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libldap2-dev\", pkgver:\"2.4.9-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"slapd\", pkgver:\"2.4.9-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"slapd-dbg\", pkgver:\"2.4.9-0ubuntu0.8.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ldap-utils / libldap-2.2-7 / libldap-2.3-0 / libldap-2.4-2 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:51:54", "description": "A denial of service vulnerability was discovered in the way the\nOpenLDAP slapd daemon processed certain network messages. 
An\nunauthenticated remote attacker could send a specially crafted request\nthat would crash the slapd daemon (CVE-2008-2952).\n\nThe updated packages have been patched to correct this issue.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : openldap (MDVSA-2008:144)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2952"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libldap2.3_0", "p-cpe:/a:mandriva:linux:openldap-clients", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2", "p-cpe:/a:mandriva:linux:libldap2.3_0-devel", "p-cpe:/a:mandriva:linux:openldap-tests", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:openldap-doc", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:lib64ldap2.3_0", "p-cpe:/a:mandriva:linux:lib64ldap2.3_0-devel", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:openldap-servers", "p-cpe:/a:mandriva:linux:openldap-testprogs", "p-cpe:/a:mandriva:linux:libldap2.4_2-static-devel", "p-cpe:/a:mandriva:linux:libldap2.3_0-static-devel", "p-cpe:/a:mandriva:linux:libldap2.4_2-devel", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel", "p-cpe:/a:mandriva:linux:libldap2.4_2", "p-cpe:/a:mandriva:linux:lib64ldap2.3_0-static-devel", "p-cpe:/a:mandriva:linux:openldap"], "id": "MANDRIVA_MDVSA-2008-144.NASL", "href": "https://www.tenable.com/plugins/nessus/36770", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:144. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36770);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2952\");\n script_bugtraq_id(30013);\n script_xref(name:\"MDVSA\", value:\"2008:144\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openldap (MDVSA-2008:144)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service vulnerability was discovered in the way the\nOpenLDAP slapd daemon processed certain network messages. An\nunauthenticated remote attacker could send a specially crafted request\nthat would crash the slapd daemon (CVE-2008-2952).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.3_0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.3_0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-testprogs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-devel-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-static-devel-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libldap2.3_0-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libldap2.3_0-devel-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libldap2.3_0-static-devel-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"openldap-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"openldap-clients-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"openldap-doc-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2007.1\", reference:\"openldap-servers-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"openldap-testprogs-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"openldap-tests-2.3.34-5.3mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-devel-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ldap2.3_0-static-devel-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libldap2.3_0-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libldap2.3_0-devel-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libldap2.3_0-static-devel-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-clients-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-doc-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-servers-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-testprogs-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"openldap-tests-2.3.38-3.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", 
reference:\"lib64ldap2.4_2-devel-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-static-devel-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libldap2.4_2-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libldap2.4_2-devel-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libldap2.4_2-static-devel-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"openldap-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"openldap-clients-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"openldap-doc-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"openldap-servers-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"openldap-testprogs-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"openldap-tests-2.4.8-2.1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}