7 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-4984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS...
RHEL 7 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openldap: ACL restrictions bypass due to saslssf value being set permanently CVE-2019-13565 -...
RHEL 6 : openldap-servers (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file CVE-2016-4984...
RHEL 5 : openldap-servers (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file CVE-2016-4984...
CVE-2016-4984
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it...
CVE-2016-4984
CVE-2016-4984 affects openldap-servers; the issue is a race condition in /usr/libexec/openldap/generate-server-cert.sh that leads to weak permissions on the TLS certificate. This allows a local authenticated user to obtain the TLS certificate by exploiting the creation/chmod race. The IBM X-Force...
CVE-2016-4984
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it...