{"id": "SECURITYVULNS:DOC:31903", "bulletinFamily": "software", "title": "[SECURITY] [DSA 3209-1] openldap security update", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3209-1 security@debian.org\r\nhttp://www.debian.org/security/ Yves-Alexis Perez\r\nMarch 30, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : openldap\r\nCVE ID : CVE-2013-4449 CVE-2014-9713 CVE-2015-1545\r\nDebian Bug : 729367 761406 776988\r\n\r\nMultiple vulnerabilities were found in OpenLDAP, a free implementation\r\nof the Lightweight Directory Access Protocol.\r\n\r\nCVE-2013-4449\r\n\r\n Michael Vishchers from Seven Principles AG discovered a denial of\r\n service vulnerability in slapd, the directory server implementation.\r\n When the server is configured to used the RWM overlay, an attacker\r\n can make it crash by unbinding just after connecting, because of an\r\n issue with reference counting.\r\n\r\nCVE-2014-9713\r\n\r\n The default Debian configuration of the directory database allows\r\n every users to edit their own attributes. When LDAP directories are\r\n used for access control, and this is done using user attributes, an\r\n authenticated user can leverage this to gain access to unauthorized\r\n resources.\r\n .\r\n Please note this is a Debian specific vulnerability.\r\n .\r\n The new package won't use the unsafe access control rule for new\r\n databases, but existing configurations won't be automatically\r\n modified. Administrators are incited to look at the README.Debian\r\n file provided by the updated package if they need to fix the access\r\n control rule.\r\n\r\nCVE-2015-1545\r\n\r\n Ryan Tandy discovered a denial of service vulnerability in slapd.\r\n When using the deref overlay, providing an empty attribute list in\r\n a query makes the daemon crashes.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 2.4.31-2.\r\n\r\nFor the upcoming stable distribution (jessie), these problems have been\r\nfixed in version 2.4.40-4.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 2.4.40-4.\r\n\r\nWe recommend that you upgrade your openldap packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2\r\n\r\niQEcBAEBCgAGBQJVGbpWAAoJEG3bU/KmdcCl7AMH/Aw2b5XLEULZTFxMbqWCq/Rm\r\nzgNe+Rf8OK/0jIiohtUh0ZmpFb74zw8AluV8fRK6V/4Pk+/JStOkcI01fCjrr5mT\r\nR30BNzy/sH9GBdlRxFEWtlFi6/8g+rxuq5MHBhrAXDre34ZMk4gAUsbGaeF6NQKM\r\nhLaqqG1dmhEGg3X/7TzfXR4fJm4SKyy/ZOBslmrXzW1cM6ttu7FmQlywaTgHvUfr\r\ncL+vo99jYDl7dg8Ne74WLXsepTEsnm4x2yT9c6u28UJ9eDrNybeaux6WEu6eMh4x\r\nPnU+4lbgLE/lFDplBOxYTykDPwRbaZIV9xE21UgtSXSqaCQ+jkRg8qOu9P4u13A=\r\n=lYTz\r\n-----END PGP SIGNATURE-----\r\n\r\n", "published": "2015-04-13T00:00:00", "modified": "2015-04-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31903", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-1545", "CVE-2014-9713", "CVE-2013-4449"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:58", "edition": 1, "viewCount": 1, "enchantments": {"score": {"value": 6.3, "vector": "NONE", "modified": "2018-08-31T11:10:58", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-9713", "CVE-2015-1545", "CVE-2013-4449"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871128", "OPENVAS:871119", "OPENVAS:703209", "OPENVAS:1361412562310867499", "OPENVAS:1361412562310869236", "OPENVAS:1361412562310842231", "OPENVAS:1361412562310842439", "OPENVAS:867561", "OPENVAS:881872", "OPENVAS:1361412562310703209"]}, {"type": "debian", "idList": ["DEBIAN:DLA-203-1:89B5F", "DEBIAN:DSA-3209-1:69E49"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30460", "SECURITYVULNS:DOC:31890", "SECURITYVULNS:VULN:13672", "SECURITYVULNS:VULN:14377", "SECURITYVULNS:VULN:14366"]}, {"type": "nessus", "idList": ["SUSE_11_OPENLDAP2-20150423-150413.NASL", "SL_20140203_OPENLDAP_ON_SL6_X.NASL", "ALA_ALAS-2014-294.NASL", "UBUNTU_USN-2742-1.NASL", "FEDORA_2015-2055.NASL", "UBUNTU_USN-2622-1.NASL", "DEBIAN_DSA-3209.NASL", "MANDRIVA_MDVSA-2015-074.NASL", "DEBIAN_DLA-203.NASL", "FEDORA_2014-2012.NASL"]}, {"type": "f5", "idList": ["SOL16343", "SOL16882", "F5:K16882"]}, {"type": "ubuntu", "idList": ["USN-2622-1", "USN-2742-1"]}, {"type": "fedora", "idList": ["FEDORA:CF836215C9", "FEDORA:172CF20AFA", "FEDORA:38B5C608798F"]}, {"type": "centos", "idList": ["CESA-2014:0206", "CESA-2014:0126"]}, {"type": "redhat", "idList": ["RHSA-2014:0126", "RHSA-2014:0206"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0126", "ELSA-2014-0206"]}, {"type": "amazon", "idList": ["ALAS-2014-294"]}, {"type": "seebug", "idList": ["SSV:62076"]}, {"type": "kaspersky", "idList": ["KLA10486"]}, {"type": "apple", "idList": ["APPLE:HT210788"]}], "modified": "2018-08-31T11:10:58", "rev": 2}, "vulnersScore": 6.3}, "affectedSoftware": []}

{"cve": [{"lastseen": "2020-10-03T12:01:24", "description": "The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.", "edition": 3, "cvss3": {}, "published": "2015-04-01T14:59:00", "title": "CVE-2014-9713", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9713"], "modified": "2016-12-22T02:59:00", "cpe": ["cpe:/a:openldap:openldap:2.4.25", "cpe:/a:openldap:openldap:2.4.35", "cpe:/a:openldap:openldap:2.4.37", "cpe:/a:openldap:openldap:2.4.32", "cpe:/a:openldap:openldap:2.4.38", "cpe:/a:openldap:openldap:2.4.26", "cpe:/a:openldap:openldap:2.4.29", "cpe:/a:openldap:openldap:2.4.27", "cpe:/a:openldap:openldap:2.4.23", "cpe:/a:openldap:openldap:2.4.33", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:openldap:openldap:2.4.30", "cpe:/a:openldap:openldap:2.4.36", "cpe:/a:openldap:openldap:2.4.34", "cpe:/a:openldap:openldap:2.4.24", "cpe:/a:openldap:openldap:2.4.28", "cpe:/a:openldap:openldap:2.4.39", "cpe:/a:openldap:openldap:2.4.31"], "id": "CVE-2014-9713", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9713", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.37:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.39:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.38:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:45", "description": "The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.", "edition": 8, "cvss3": {}, "published": "2014-02-05T18:55:00", "title": "CVE-2013-4449", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4449"], "modified": "2016-12-08T03:03:00", "cpe": ["cpe:/a:openldap:openldap:2.4.25", "cpe:/a:openldap:openldap:2.4.35", "cpe:/a:openldap:openldap:2.4.18", "cpe:/a:openldap:openldap:2.4.16", "cpe:/a:openldap:openldap:2.4.6", "cpe:/a:openldap:openldap:2.4.32", "cpe:/a:openldap:openldap:2.4.26", "cpe:/a:openldap:openldap:2.4.19", "cpe:/a:openldap:openldap:2.4.29", "cpe:/a:openldap:openldap:2.4.20", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:openldap:openldap:2.4.27", "cpe:/a:openldap:openldap:2.4.21", "cpe:/a:openldap:openldap:2.4.14", "cpe:/a:openldap:openldap:2.4.7", "cpe:/a:openldap:openldap:2.4.23", "cpe:/a:openldap:openldap:2.4.33", "cpe:/a:openldap:openldap:2.4.11", "cpe:/a:openldap:openldap:2.4.10", "cpe:/a:openldap:openldap:2.4.13", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:openldap:openldap:2.4.17", "cpe:/a:openldap:openldap:2.4.30", "cpe:/a:openldap:openldap:2.4.8", "cpe:/a:openldap:openldap:2.4.36", "cpe:/a:openldap:openldap:2.4.34", "cpe:/a:openldap:openldap:2.4.24", "cpe:/a:openldap:openldap:2.4.15", "cpe:/a:openldap:openldap:2.4.22", "cpe:/a:openldap:openldap:2.4.28", "cpe:/a:openldap:openldap:2.4.12", "cpe:/a:openldap:openldap:2.4.31", "cpe:/a:openldap:openldap:2.4.9"], "id": "CVE-2013-4449", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4449", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:49:48", "description": "The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.\n<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "edition": 6, "cvss3": {}, "published": "2015-02-12T16:59:00", "title": "CVE-2015-1545", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1545"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:openldap:openldap:2.4.25", "cpe:/a:openldap:openldap:2.4.35", "cpe:/a:openldap:openldap:2.4.18", "cpe:/a:openldap:openldap:2.4.16", "cpe:/a:openldap:openldap:2.4.37", "cpe:/a:openldap:openldap:2.4.32", "cpe:/a:openldap:openldap:2.4.38", "cpe:/a:openldap:openldap:2.4.26", "cpe:/a:openldap:openldap:2.4.19", "cpe:/a:openldap:openldap:2.4.29", "cpe:/a:openldap:openldap:2.4.20", "cpe:/a:openldap:openldap:2.4.27", "cpe:/a:openldap:openldap:2.4.21", "cpe:/a:openldap:openldap:2.4.14", "cpe:/a:openldap:openldap:2.4.23", "cpe:/a:openldap:openldap:2.4.33", "cpe:/a:openldap:openldap:2.4.13", "cpe:/a:openldap:openldap:2.4.17", "cpe:/a:openldap:openldap:2.4.30", "cpe:/a:openldap:openldap:2.4.36", "cpe:/a:openldap:openldap:2.4.34", "cpe:/a:openldap:openldap:2.4.24", "cpe:/a:openldap:openldap:2.4.15", "cpe:/a:openldap:openldap:2.4.22", "cpe:/a:openldap:openldap:2.4.28", "cpe:/a:openldap:openldap:2.4.39", "cpe:/a:openldap:openldap:2.4.40", "cpe:/a:openldap:openldap:2.4.31"], "id": "CVE-2015-1545", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1545", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.37:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.39:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.38:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.40:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*", "cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:52:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1545", "CVE-2014-9713", "CVE-2013-4449"], "description": "Multiple vulnerabilities were\nfound in OpenLDAP, a free implementation of the Lightweight Directory Access\nProtocol.\n\nCVE-2013-4449 \nMichael Vishchers from Seven Principles AG discovered a denial of\nservice vulnerability in slapd, the directory server implementation.\nWhen the server is configured to used the RWM overlay, an attacker\ncan make it crash by unbinding just after connecting, because of an\nissue with reference counting.\n\nCVE-2014-9713 \nThe default Debian configuration of the directory database allows\nevery users to edit their own attributes. When LDAP directories are\nused for access control, and this is done using user attributes, an\nauthenticated user can leverage this to gain access to unauthorized\nresources.\n\nPlease note this is a Debian specific vulnerability.\n\nThe new package won", "modified": "2017-07-07T00:00:00", "published": "2015-03-30T00:00:00", "id": "OPENVAS:703209", "href": "http://plugins.openvas.org/nasl.php?oid=703209", "type": "openvas", "title": "Debian Security Advisory DSA 3209-1 (openldap - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3209.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3209-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703209);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2013-4449\", \"CVE-2014-9713\", \"CVE-2015-1545\");\n script_name(\"Debian Security Advisory DSA 3209-1 (openldap - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-03-30 00:00:00 +0200 (Mon, 30 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3209.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openldap on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 2.4.31-2.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.4.40-4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.40-4.\n\nWe recommend that you upgrade your openldap packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were\nfound in OpenLDAP, a free implementation of the Lightweight Directory Access\nProtocol.\n\nCVE-2013-4449 \nMichael Vishchers from Seven Principles AG discovered a denial of\nservice vulnerability in slapd, the directory server implementation.\nWhen the server is configured to used the RWM overlay, an attacker\ncan make it crash by unbinding just after connecting, because of an\nissue with reference counting.\n\nCVE-2014-9713 \nThe default Debian configuration of the directory database allows\nevery users to edit their own attributes. When LDAP directories are\nused for access control, and this is done using user attributes, an\nauthenticated user can leverage this to gain access to unauthorized\nresources.\n\nPlease note this is a Debian specific vulnerability.\n\nThe new package won't use the unsafe access control rule for new\ndatabases, but existing configurations won't be automatically\nmodified. Administrators are incited to look at the README.Debian\nfile provided by the updated package if they need to fix the access\ncontrol rule.\n\nCVE-2015-1545 \nRyan Tandy discovered a denial of service vulnerability in slapd.\nWhen using the deref overlay, providing an empty attribute list in\na query makes the daemon crashes.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ldap-utils\", ver:\"2.4.31-2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap-2.4-2:amd64\", ver:\"2.4.31-2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap-2.4-2:i386\", ver:\"2.4.31-2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap-2.4-2-dbg:amd64\", ver:\"2.4.31-2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap-2.4-2-dbg:i386\", ver:\"2.4.31-2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap2-dev:amd64\", ver:\"2.4.31-2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libldap2-dev:i386\", ver:\"2.4.31-2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.4.31-2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slapd-dbg\", ver:\"2.4.31-2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"slapd-smbk5pwd\", ver:\"2.4.31-2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1545", "CVE-2014-9713", "CVE-2013-4449"], "description": "Multiple vulnerabilities were\nfound in OpenLDAP, a free implementation of the Lightweight Directory Access\nProtocol.\n\nCVE-2013-4449\nMichael Vishchers from Seven Principles AG discovered a denial of\nservice vulnerability in slapd, the directory server implementation.\nWhen the server is configured to used the RWM overlay, an attacker\ncan make it crash by unbinding just after connecting, because of an\nissue with reference counting.\n\nCVE-2014-9713\nThe default Debian configuration of the directory database allows\nevery users to edit their own attributes. When LDAP directories are\nused for access control, and this is done using user attributes, an\nauthenticated user can leverage this to gain access to unauthorized\nresources.\n\nPlease note this is a Debian specific vulnerability.\n\nThe new package won", "modified": "2019-03-18T00:00:00", "published": "2015-03-30T00:00:00", "id": "OPENVAS:1361412562310703209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703209", "type": "openvas", "title": "Debian Security Advisory DSA 3209-1 (openldap - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3209.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3209-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703209\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2013-4449\", \"CVE-2014-9713\", \"CVE-2015-1545\");\n script_name(\"Debian Security Advisory DSA 3209-1 (openldap - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-30 00:00:00 +0200 (Mon, 30 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3209.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"openldap on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 2.4.31-2.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.4.40-4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.40-4.\n\nWe recommend that you upgrade your openldap packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were\nfound in OpenLDAP, a free implementation of the Lightweight Directory Access\nProtocol.\n\nCVE-2013-4449\nMichael Vishchers from Seven Principles AG discovered a denial of\nservice vulnerability in slapd, the directory server implementation.\nWhen the server is configured to used the RWM overlay, an attacker\ncan make it crash by unbinding just after connecting, because of an\nissue with reference counting.\n\nCVE-2014-9713\nThe default Debian configuration of the directory database allows\nevery users to edit their own attributes. When LDAP directories are\nused for access control, and this is done using user attributes, an\nauthenticated user can leverage this to gain access to unauthorized\nresources.\n\nPlease note this is a Debian specific vulnerability.\n\nThe new package won't use the unsafe access control rule for new\ndatabases, but existing configurations won't be automatically\nmodified. Administrators are incited to look at the README.Debian\nfile provided by the updated package if they need to fix the access\ncontrol rule.\n\nCVE-2015-1545\nRyan Tandy discovered a denial of service vulnerability in slapd.\nWhen using the deref overlay, providing an empty attribute list in\na query makes the daemon crashes.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ldap-utils\", ver:\"2.4.31-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libldap-2.4-2:amd64\", ver:\"2.4.31-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libldap-2.4-2:i386\", ver:\"2.4.31-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libldap-2.4-2-dbg:amd64\", ver:\"2.4.31-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libldap-2.4-2-dbg:i386\", ver:\"2.4.31-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libldap2-dev:amd64\", ver:\"2.4.31-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libldap2-dev:i386\", ver:\"2.4.31-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.4.31-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"slapd-dbg\", ver:\"2.4.31-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"slapd-smbk5pwd\", ver:\"2.4.31-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1545", "CVE-2012-1164", "CVE-2013-4449"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310842231", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842231", "type": "openvas", "title": "Ubuntu Update for openldap USN-2622-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openldap USN-2622-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842231\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 11:09:41 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2012-1164\", \"CVE-2013-4449\", \"CVE-2015-1545\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openldap USN-2622-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openldap'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that OpenLDAP incorrectly\nhandled certain search queries that returned empty attributes. A remote attacker\ncould use this issue to cause OpenLDAP to assert, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS. (CVE-2012-1164)\n\nMichael Vishchers discovered that OpenLDAP improperly counted references\nwhen the rwm overlay was used. A remote attacker could use this issue to\ncause OpenLDAP to crash, resulting in a denial of service. (CVE-2013-4449)\n\nIt was discovered that OpenLDAP incorrectly handled certain empty attribute\nlists in search requests. A remote attacker could use this issue to cause\nOpenLDAP to crash, resulting in a denial of service. (CVE-2015-1545)\");\n script_tag(name:\"affected\", value:\"openldap on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2622-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2622-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.4.31-1+nmu2ubuntu11.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.4.31-1+nmu2ubuntu8.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.4.28-1.1ubuntu4.5\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1545"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-14T00:00:00", "id": "OPENVAS:1361412562310869236", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869236", "type": "openvas", "title": "Fedora Update for openldap FEDORA-2015-2055", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openldap FEDORA-2015-2055\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869236\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-14 07:16:43 +0200 (Tue, 14 Apr 2015)\");\n script_cve_id(\"CVE-2015-1545\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openldap FEDORA-2015-2055\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openldap'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openldap on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2055\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154652.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.40~3.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6908", "CVE-2014-9713"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-09-17T00:00:00", "id": "OPENVAS:1361412562310842439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842439", "type": "openvas", "title": "Ubuntu Update for openldap USN-2742-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openldap USN-2742-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842439\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-17 06:18:59 +0200 (Thu, 17 Sep 2015)\");\n script_cve_id(\"CVE-2015-6908\", \"CVE-2014-9713\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openldap USN-2742-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openldap'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Denis Andzakovic discovered that OpenLDAP\nincorrectly handled certain BER data. A remote attacker could possibly use this\nissue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2015-6908)\n\nDietrich Clauss discovered that the OpenLDAP package incorrectly shipped\nwith a potentially unsafe default access control configuration. Depending\non how the database is configure, this may allow users to impersonate\nothers by modifying attributes such as their Unix user and group numbers.\n(CVE-2014-9713)\");\n script_tag(name:\"affected\", value:\"openldap on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2742-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2742-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.4.31-1+nmu2ubuntu8.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"slapd\", ver:\"2.4.28-1.1ubuntu4.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-27T10:48:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4449"], "description": "Check for the Version of openldap", "modified": "2017-07-12T00:00:00", "published": "2014-02-11T00:00:00", "id": "OPENVAS:871119", "href": "http://plugins.openvas.org/nasl.php?oid=871119", "type": "openvas", "title": "RedHat Update for openldap RHSA-2014:0126-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openldap RHSA-2014:0126-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871119);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-11 10:48:38 +0530 (Tue, 11 Feb 2014)\");\n script_cve_id(\"CVE-2013-4449\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for openldap RHSA-2014:0126-01\");\n\n tag_insight = \"OpenLDAP is an open source suite of Lightweight Directory Access Protocol\n(LDAP) applications and development tools. LDAP is a set of protocols used\nto access and maintain distributed directory information services over an\nIP network. The openldap package contains configuration files, libraries,\nand documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon\n(slapd) performed reference counting when using the rwm (rewrite/remap)\noverlay. A remote attacker able to query the OpenLDAP server could use this\nflaw to crash the server by immediately unbinding from the server after\nsending a search request. (CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG for\nreporting this issue.\n\nThis update also fixes the following bug:\n\n* Previously, OpenLDAP did not properly handle a number of simultaneous\nupdates. As a consequence, sending a number of parallel update requests to\nthe server could cause a deadlock. With this update, a superfluous locking\nmechanism causing the deadlock has been removed, thus fixing the bug.\n(BZ#1056124)\n\nAll openldap users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\";\n\n tag_affected = \"openldap on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0126-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-February/msg00000.html\");\n script_summary(\"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.23~34.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.23~34.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-debuginfo\", rpm:\"openldap-debuginfo~2.4.23~34.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.4.23~34.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.23~34.el6_5.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4449"], "description": "Check for the Version of openldap", "modified": "2017-07-10T00:00:00", "published": "2014-02-11T00:00:00", "id": "OPENVAS:881872", "href": "http://plugins.openvas.org/nasl.php?oid=881872", "type": "openvas", "title": "CentOS Update for openldap CESA-2014:0126 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openldap CESA-2014:0126 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881872);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-11 10:30:42 +0530 (Tue, 11 Feb 2014)\");\n script_cve_id(\"CVE-2013-4449\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for openldap CESA-2014:0126 centos6 \");\n\n tag_insight = \"OpenLDAP is an open source suite of Lightweight Directory Access Protocol\n(LDAP) applications and development tools. LDAP is a set of protocols used\nto access and maintain distributed directory information services over an\nIP network. The openldap package contains configuration files, libraries,\nand documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon\n(slapd) performed reference counting when using the rwm (rewrite/remap)\noverlay. A remote attacker able to query the OpenLDAP server could use this\nflaw to crash the server by immediately unbinding from the server after\nsending a search request. (CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG for\nreporting this issue.\n\nThis update also fixes the following bug:\n\n* Previously, OpenLDAP did not properly handle a number of simultaneous\nupdates. As a consequence, sending a number of parallel update requests to\nthe server could cause a deadlock. With this update, a superfluous locking\nmechanism causing the deadlock has been removed, thus fixing the bug.\n(BZ#1056124)\n\nAll openldap users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\";\n\n tag_affected = \"openldap on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0126\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-February/020132.html\");\n script_summary(\"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.23~34.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.23~34.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.4.23~34.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.23~34.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.4.23~34.el6_5.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4449"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-25T00:00:00", "id": "OPENVAS:1361412562310881887", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881887", "type": "openvas", "title": "CentOS Update for compat-openldap CESA-2014:0206 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for compat-openldap CESA-2014:0206 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881887\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:36:05 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-4449\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for compat-openldap CESA-2014:0206 centos5\");\n\n script_tag(name:\"affected\", value:\"compat-openldap on CentOS 5\");\n script_tag(name:\"insight\", value:\"OpenLDAP is an open source suite of Lightweight Directory Access Protocol\n(LDAP) applications and development tools. LDAP is a set of protocols used\nto access and maintain distributed directory information services over an\nIP network. The openldap package contains configuration files, libraries,\nand documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon\n(slapd) performed reference counting when using the rwm (rewrite/remap)\noverlay. A remote attacker able to query the OpenLDAP server could use this\nflaw to crash the server by immediately unbinding from the server after\nsending a search request. (CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG for\nreporting this issue.\n\nAll openldap users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0206\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-February/020174.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'compat-openldap'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.3.43_2.2.29~27.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.3.43~27.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.3.43~27.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.3.43~27.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.3.43~27.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-overlays\", rpm:\"openldap-servers-overlays~2.3.43~27.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.3.43~27.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-27T10:48:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4449"], "description": "Check for the Version of openldap", "modified": "2017-07-12T00:00:00", "published": "2014-02-25T00:00:00", "id": "OPENVAS:871128", "href": "http://plugins.openvas.org/nasl.php?oid=871128", "type": "openvas", "title": "RedHat Update for openldap RHSA-2014:0206-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openldap RHSA-2014:0206-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871128);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 17:01:13 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-4449\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for openldap RHSA-2014:0206-01\");\n\n tag_insight = \"OpenLDAP is an open source suite of Lightweight Directory Access Protocol\n(LDAP) applications and development tools. LDAP is a set of protocols used\nto access and maintain distributed directory information services over an\nIP network. The openldap package contains configuration files, libraries,\nand documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon\n(slapd) performed reference counting when using the rwm (rewrite/remap)\noverlay. A remote attacker able to query the OpenLDAP server could use this\nflaw to crash the server by immediately unbinding from the server after\nsending a search request. (CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG for\nreporting this issue.\n\nAll openldap users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\";\n\n tag_affected = \"openldap on Red Hat Enterprise Linux (v. 5 server)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0206-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-February/msg00031.html\");\n script_summary(\"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openldap\", rpm:\"compat-openldap~2.3.43_2.2.29~27.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.3.43~27.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.3.43~27.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-debuginfo\", rpm:\"openldap-debuginfo~2.3.43~27.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.3.43~27.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.3.43~27.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-overlays\", rpm:\"openldap-servers-overlays~2.3.43~27.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.3.43~27.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4449"], "description": "Oracle Linux Local Security Checks ELSA-2014-0126", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123475", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123475", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0126", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0126.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123475\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:04:19 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0126\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0126 - openldap security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0126\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0126.html\");\n script_cve_id(\"CVE-2013-4449\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.23~34.el6_5.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.23~34.el6_5.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.4.23~34.el6_5.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.23~34.el6_5.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.4.23~34.el6_5.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-1545", "CVE-2014-9713", "CVE-2013-4449"], "description": "DoS, privilege escalation.", "edition": 1, "modified": "2015-04-13T00:00:00", "published": "2015-04-13T00:00:00", "id": "SECURITYVULNS:VULN:14377", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14377", "title": "OpenLDAP multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2013-4449"], "description": "Resources exhaustion.", "edition": 1, "modified": "2014-04-07T00:00:00", "published": "2014-04-07T00:00:00", "id": "SECURITYVULNS:VULN:13672", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13672", "title": "OpenLDAP DoS", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2013-4449"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:026\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : openldap\r\n Date : February 12, 2014\r\n Affected: Business Server 1.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in openldap:\r\n \r\n The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not\r\n properly count references, which allows remote attackers to cause\r\n a denial of service &#40;slapd crash&#41; by unbinding immediately after a\r\n search request, which triggers rwm_conn_destroy to free the session\r\n context while it is being used by rwm_op_search &#40;CVE-2013-4449&#41;.\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n f6f47a0a0de36f77454b42b7d67cad11 mes5/i586/libldap2.4_2-2.4.11-3.6mdvmes5.2.i586.rpm\r\n 6ef1ee5fae026d70c3a940b597c2899c mes5/i586/libldap2.4_2-devel-2.4.11-3.6mdvmes5.2.i586.rpm\r\n cff64c1d004f5dcadf58893f54bd2b79 mes5/i586/libldap2.4_2-static-devel-2.4.11-3.6mdvmes5.2.i586.rpm\r\n 4bc668febb73c0ce41d928f6bc66aead mes5/i586/openldap-2.4.11-3.6mdvmes5.2.i586.rpm\r\n 3c22bef679a50ecaf3ea705089b3b787 mes5/i586/openldap-clients-2.4.11-3.6mdvmes5.2.i586.rpm\r\n 5bda4d05eb3c630b915aebde7c80410c mes5/i586/openldap-doc-2.4.11-3.6mdvmes5.2.i586.rpm\r\n 95e6338873c0b3643cf0983bcd82a933 mes5/i586/openldap-servers-2.4.11-3.6mdvmes5.2.i586.rpm\r\n dea70a29075de07ca438417e5b775856 mes5/i586/openldap-testprogs-2.4.11-3.6mdvmes5.2.i586.rpm\r\n 0ad5f08372fb554fff145b9f202f8845 mes5/i586/openldap-tests-2.4.11-3.6mdvmes5.2.i586.rpm \r\n 8358868a61a01b5204d032d9674e5728 mes5/SRPMS/openldap-2.4.11-3.6mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 9ac984f57b49bcac9c244dcb2ea25f82 mes5/x86_64/lib64ldap2.4_2-2.4.11-3.6mdvmes5.2.x86_64.rpm\r\n ad204d57a8e77c683b18fb57db9df223 mes5/x86_64/lib64ldap2.4_2-devel-2.4.11-3.6mdvmes5.2.x86_64.rpm\r\n 0101675decfd5db7f4bcdd2e205e5533 mes5/x86_64/lib64ldap2.4_2-static-devel-2.4.11-3.6mdvmes5.2.x86_64.rpm\r\n 924c8eb8dce5616f72cfd1c74ec3ffc0 mes5/x86_64/openldap-2.4.11-3.6mdvmes5.2.x86_64.rpm\r\n b5483d5352e88095541aa4289c3f762b mes5/x86_64/openldap-clients-2.4.11-3.6mdvmes5.2.x86_64.rpm\r\n b2067967b6d3b3eb1a4536b76e8b2052 mes5/x86_64/openldap-doc-2.4.11-3.6mdvmes5.2.x86_64.rpm\r\n 6b328f09e078fbcdf8138f60eeb0c3c1 mes5/x86_64/openldap-servers-2.4.11-3.6mdvmes5.2.x86_64.rpm\r\n 9517f66ee97e0db3099135fff5c07a19 mes5/x86_64/openldap-testprogs-2.4.11-3.6mdvmes5.2.x86_64.rpm\r\n 70b08cd0c8d45322bba7bfbdba2cf202 mes5/x86_64/openldap-tests-2.4.11-3.6mdvmes5.2.x86_64.rpm \r\n 8358868a61a01b5204d032d9674e5728 mes5/SRPMS/openldap-2.4.11-3.6mdvmes5.2.src.rpm\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 1fbea4ddae49067310f9d52862186f12 mbs1/x86_64/lib64ldap2.4_2-2.4.33-2.1.mbs1.x86_64.rpm\r\n 3bed34f442d7d99ca6770a0aa334bf0e mbs1/x86_64/lib64ldap2.4_2-devel-2.4.33-2.1.mbs1.x86_64.rpm\r\n a10e56dc0d771e8da27059c0d84966fe mbs1/x86_64/lib64ldap2.4_2-static-devel-2.4.33-2.1.mbs1.x86_64.rpm\r\n df4a9a4436890707a76fe41c16999800 mbs1/x86_64/openldap-2.4.33-2.1.mbs1.x86_64.rpm\r\n 32fd4c412cf89d78e0887734bce10d36 mbs1/x86_64/openldap-clients-2.4.33-2.1.mbs1.x86_64.rpm\r\n 958f98530f1119e48d8f6f224d01ca6a mbs1/x86_64/openldap-doc-2.4.33-2.1.mbs1.x86_64.rpm\r\n b75dca39829dbca00adc0884e2ca6fbf mbs1/x86_64/openldap-servers-2.4.33-2.1.mbs1.x86_64.rpm\r\n 8c4e2d2ef7e480d05ebcf9655adf2a94 mbs1/x86_64/openldap-testprogs-2.4.33-2.1.mbs1.x86_64.rpm\r\n 193e318abe419a0689144bf7af70ade6 mbs1/x86_64/openldap-tests-2.4.33-2.1.mbs1.x86_64.rpm \r\n 4ebfb4dcbb423c34c48e03e61c96507a mbs1/SRPMS/openldap-2.4.33-2.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFS+zntmqjQ0CJFipgRAs5lAJ4wB5uIoWCjIemdoHE+ckHo0sCITgCfQTN+\r\n5nYyzgdu8tu5hQKop4wVlTo=\r\n=VJPx\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-04-07T00:00:00", "published": "2014-04-07T00:00:00", "id": "SECURITYVULNS:DOC:30460", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30460", "title": "[ MDVSA-2014:026 ] openldap", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-1144", "CVE-2015-1117", "CVE-2015-1102", "CVE-2014-4405", "CVE-2015-1096", "CVE-2014-3478", "CVE-2014-0231", "CVE-2014-3572", "CVE-2014-0237", "CVE-2014-3571", "CVE-2013-5704", "CVE-2014-3587", "CVE-2015-1132", "CVE-2014-3479", "CVE-2014-4670", "CVE-2015-1091", "CVE-2015-1148", "CVE-2015-1143", "CVE-2014-9298", "CVE-2014-3668", "CVE-2015-1149", "CVE-2014-8830", "CVE-2015-1145", "CVE-2014-0098", "CVE-2014-3480", "CVE-2015-1138", "CVE-2014-3981", "CVE-2015-1140", "CVE-2013-0118", "CVE-2014-0207", "CVE-2014-8275", "CVE-2014-3570", "CVE-2013-6438", "CVE-2015-1147", "CVE-2014-3669", "CVE-2015-1093", "CVE-2015-1545", "CVE-2014-3487", "CVE-2014-3538", "CVE-2014-5120", "CVE-2014-3597", "CVE-2015-1130", "CVE-2015-1136", "CVE-2015-1142", "CVE-2014-3710", "CVE-2015-1139", "CVE-2014-4698", "CVE-2014-3523", "CVE-2014-4049", "CVE-2014-3670", "CVE-2015-1546", "CVE-2015-0204", "CVE-2015-1105", "CVE-2015-1099", "CVE-2015-1146", "CVE-2015-1135", "CVE-2014-2497", "CVE-2015-1118", "CVE-2014-0118", "CVE-2015-1131", "CVE-2015-1137", "CVE-2015-1101", "CVE-2015-1103", "CVE-2015-1104", "CVE-2014-4404", "CVE-2015-1089", "CVE-2015-1133", "CVE-2015-1141", "CVE-2014-0117", "CVE-2015-1088", "CVE-2013-6712", "CVE-2015-1069", "CVE-2014-4380", "CVE-2015-1095", "CVE-2015-1098", "CVE-2014-3569", "CVE-2015-1100", "CVE-2014-0238", "CVE-2014-0226", "CVE-2015-1134"], "description": "80 different vulnerabilities.", "edition": 1, "modified": "2015-04-13T00:00:00", "published": "2015-04-13T00:00:00", "id": "SECURITYVULNS:VULN:14366", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14366", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-1144", "CVE-2015-1117", "CVE-2015-1102", "CVE-2014-4405", "CVE-2015-1096", "CVE-2014-3478", "CVE-2014-0231", "CVE-2014-3572", "CVE-2014-0237", "CVE-2014-3571", "CVE-2013-5704", "CVE-2014-3587", "CVE-2015-1132", "CVE-2014-3479", "CVE-2014-4670", "CVE-2015-1091", "CVE-2015-1067", "CVE-2015-1148", "CVE-2015-1143", "CVE-2014-9298", "CVE-2014-3668", "CVE-2014-8830", "CVE-2015-1145", "CVE-2014-0098", "CVE-2014-3480", "CVE-2015-1138", "CVE-2014-3981", "CVE-2015-1140", "CVE-2013-0118", "CVE-2014-0207", "CVE-2014-8275", "CVE-2014-3570", "CVE-2013-6438", "CVE-2015-1147", "CVE-2014-3669", "CVE-2015-1093", "CVE-2015-1545", "CVE-2014-3487", "CVE-2014-3538", "CVE-2014-5120", "CVE-2014-3597", "CVE-2015-1130", "CVE-2015-1136", "CVE-2015-1142", "CVE-2014-3710", "CVE-2015-1139", "CVE-2014-4698", "CVE-2014-3523", "CVE-2014-4049", "CVE-2014-3670", "CVE-2015-1546", "CVE-2015-0204", "CVE-2015-1105", "CVE-2015-1099", "CVE-2015-1146", "CVE-2015-1135", "CVE-2014-2497", "CVE-2015-1118", "CVE-2014-0118", "CVE-2015-1131", "CVE-2015-1137", "CVE-2015-1101", "CVE-2015-1103", "CVE-2015-1104", "CVE-2014-4404", "CVE-2015-1089", "CVE-2015-1133", "CVE-2015-1141", "CVE-2014-0117", "CVE-2015-1088", "CVE-2013-6712", "CVE-2015-1069", "CVE-2014-4380", "CVE-2015-1095", "CVE-2015-1098", "CVE-2014-3569", "CVE-2015-1100", "CVE-2014-0238", "CVE-2014-0226", "CVE-2015-1134"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\r\n\r\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\r\nand address the following:\r\n\r\nAdmin Framework\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A process may gain admin privileges without properly\r\nauthenticating\r\nDescription: An issue existed when checking XPC entitlements. This\r\nissue was addressed with improved entitlement checking.\r\nCVE-ID\r\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\r\n\r\napache\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\r\nattacker to execute arbitrary code. These issues were addressed by\r\nupdating Apache to versions 2.4.10 and 2.2.29\r\nCVE-ID\r\nCVE-2013-0118\r\nCVE-2013-5704\r\nCVE-2013-6438\r\nCVE-2014-0098\r\nCVE-2014-0117\r\nCVE-2014-0118\r\nCVE-2014-0226\r\nCVE-2014-0231\r\nCVE-2014-3523\r\n\r\nATS\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Multiple input validation issues existed in fontd.\r\nThese issues were addressed through improved input validation.\r\nCVE-ID\r\nCVE-2015-1131 : Ian Beer of Google Project Zero\r\nCVE-2015-1132 : Ian Beer of Google Project Zero\r\nCVE-2015-1133 : Ian Beer of Google Project Zero\r\nCVE-2015-1134 : Ian Beer of Google Project Zero\r\nCVE-2015-1135 : Ian Beer of Google Project Zero\r\n\r\nCertificate Trust Policy\r\nImpact: Update to the certificate trust policy\r\nDescription: The certificate trust policy was updated. The complete\r\nlist of certificates may be viewed at https://support.apple.com/en-\r\nus/HT202858.\r\n\r\nCFNetwork HTTPProtocol\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Cookies belonging to one origin may be sent to another\r\norigin\r\nDescription: A cross-domain cookie issue existed in redirect\r\nhandling. Cookies set in a redirect response could be passed on to a\r\nredirect target belonging to another origin. The issue was address\r\nthrough improved handling of redirects.\r\nCVE-ID\r\nCVE-2015-1089 : Niklas Keller\r\n\r\nCFNetwork Session\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Authentication credentials may be sent to a server on\r\nanother origin\r\nDescription: A cross-domain HTTP request headers issue existed in\r\nredirect handling. HTTP request headers sent in a redirect response\r\ncould be passed on to another origin. The issue was addressed through\r\nimproved handling of redirects.\r\nCVE-ID\r\nCVE-2015-1091 : Diego Torres &#40;http://dtorres.me&#41;\r\n\r\nCFURL\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: An input validation issue existed within URL\r\nprocessing. This issue was addressed through improved URL validation.\r\nCVE-ID\r\nCVE-2015-1088 : Luigi Galli\r\n\r\nCoreAnimation\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A use-after-free issue existed in CoreAnimation. This\r\nissue was addressed through improved mutex management.\r\nCVE-ID\r\nCVE-2015-1136 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nprocessing of font files. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-1093 : Marc Schoenefeld\r\n\r\nGraphics Driver\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A NULL pointer dereference existed in NVIDIA graphics\r\ndriver&#39;s handling of certain IOService userclient types. This issue\r\nwas addressed through additional context validation.\r\nCVE-ID\r\nCVE-2015-1137 :\r\nFrank Graziano and John Villamil of the Yahoo Pentest Team\r\n\r\nHypervisor\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local application may be able to cause a denial of service\r\nDescription: An input validation issue existed in the hypervisor\r\nframework. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-1138 : Izik Eidus and Alex Fishman\r\n\r\nImageIO\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Processing a maliciously crafted .sgi file may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n.sgi files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-1139 : Apple\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A malicious HID device may be able to cause arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in an IOHIDFamily\r\nAPI. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1095 : Andrew Church\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1140 : lokihardt@ASRT working with HP&#39;s Zero Day Initiative,\r\nLuca Todesco\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An issue existed in IOHIDFamily that led to the\r\ndisclosure of kernel memory content. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-1096 : Ilja van Sprundel of IOActive\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A heap buffer overflow existed in IOHIDFamily&#39;s\r\nhandling of key-mapping properties. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2014-4404 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in IOHIDFamily&#39;s\r\nhandling of key-mapping properties. This issue was addressed through\r\nimproved validation of IOHIDFamily key-mapping properties.\r\nCVE-ID\r\nCVE-2014-4405 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A user may be able to execute arbitrary code with system\r\nprivileges\r\nDescription: An out-of-bounds write issue exited in the IOHIDFamily\r\ndriver. The issue was addressed through improved input validation.\r\nCVE-ID\r\nCVE-2014-4380 : cunzhang from Adlab of Venustech\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause unexpected system shutdown\r\nDescription: An issue existed in the handling of virtual memory\r\noperations within the kernel. The issue is fixed through improved\r\nhandling of the mach_vm_read operation.\r\nCVE-ID\r\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A race condition existed in the kernel&#39;s setreuid\r\nsystem call. This issue was addressed through improved state\r\nmanagement.\r\nCVE-ID\r\nCVE-2015-1099 : Mark Mentovai of Google Inc.\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local application may escalate privileges using a\r\ncompromised service intended to run with reduced privileges\r\nDescription: setreuid and setregid system calls failed to drop\r\nprivileges permanently. This issue was addressed by correctly\r\ndropping privileges.\r\nCVE-ID\r\nCVE-2015-1117 : Mark Mentovai of Google Inc.\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: An attacker with a privileged network position may be able\r\nto redirect user traffic to arbitrary hosts\r\nDescription: ICMP redirects were enabled by default on OS X. This\r\nissue was addressed by disabling ICMP redirects.\r\nCVE-ID\r\nCVE-2015-1103 : Zimperium Mobile Security Labs\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: An attacker with a privileged network position may be able\r\nto cause a denial of service\r\nDescription: A state inconsistency existed in the processing of TCP\r\nheaders. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause unexpected system\r\ntermination or read kernel memory\r\nDescription: A out of bounds memory access issue existed in the\r\nkernel. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1100 : Maxime Villard of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote attacker may be able to bypass network filters\r\nDescription: The system would treat some IPv6 packets from remote\r\nnetwork interfaces as local packets. The issue was addressed by\r\nrejecting these packets.\r\nCVE-ID\r\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1101 : lokihardt@ASRT working with HP&#39;s Zero Day Initiative\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote attacker may be able to cause a denial of service\r\nDescription: A state inconsistency issue existed in the handling of\r\nTCP out of band data. This issue was addressed through improved state\r\nmanagement.\r\nCVE-ID\r\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\r\n\r\nLaunchServices\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause the Finder to crash\r\nDescription: An input validation issue existed in LaunchServices&#39;s\r\nhandling of application localization data. This issue was addressed\r\nthrough improved validation of localization data.\r\nCVE-ID\r\nCVE-2015-1142\r\n\r\nLaunchServices\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A type confusion issue existed in LaunchServices&#39;s\r\nhandling of localized strings. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2015-1143 : Apple\r\n\r\nlibnetcore\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Processing a maliciously crafted configuration profile may\r\nlead to unexpected application termination\r\nDescription: A memory corruption issue existed in the handling of\r\nconfiguration profiles. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\r\nFireEye, Inc.\r\n\r\nntp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote attacker may brute force ntpd authentication keys\r\nDescription: The config_auth function in ntpd generated a weak key\r\nwhen an authentication key was not configured. This issue was\r\naddressed by improved key generation.\r\nCVE-ID\r\nCVE-2014-9298\r\n\r\nOpenLDAP\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote unauthenticated client may be able to cause a\r\ndenial of service\r\nDescription: Multiple input validation issues existed in OpenLDAP.\r\nThese issues were addressed by improved input validation.\r\nCVE-ID\r\nCVE-2015-1545 : Ryan Tandy\r\nCVE-2015-1546 : Ryan Tandy\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Multiple vulnerabilities in OpenSSL\r\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\r\nincluding one that may allow an attacker to intercept connections to\r\na server that supports export-grade ciphers. These issues were\r\naddressed by updating OpenSSL to version 0.9.8zd.\r\nCVE-ID\r\nCVE-2014-3569\r\nCVE-2014-3570\r\nCVE-2014-3571\r\nCVE-2014-3572\r\nCVE-2014-8275\r\nCVE-2015-0204\r\n\r\nOpen Directory Client\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A password might be sent unencrypted over the network when\r\nusing Open Directory from OS X Server\r\nDescription: If an Open Directory client was bound to an OS X Server\r\nbut did not install the certificates of the OS X Server, and then a\r\nuser on that client changed their password, the password change\r\nrequest was sent over the network without encryption. This issue was\r\naddressed by having the client require encryption for this case.\r\nCVE-ID\r\nCVE-2015-1147 : Apple\r\n\r\nPHP\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Multiple vulnerabilities in PHP\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\r\narbitrary code execution. This update addresses the issues by\r\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20.\r\nCVE-ID\r\nCVE-2013-6712\r\nCVE-2014-0207\r\nCVE-2014-0237\r\nCVE-2014-0238\r\nCVE-2014-2497\r\nCVE-2014-3478\r\nCVE-2014-3479\r\nCVE-2014-3480\r\nCVE-2014-3487\r\nCVE-2014-3538\r\nCVE-2014-3587\r\nCVE-2014-3597\r\nCVE-2014-3668\r\nCVE-2014-3669\r\nCVE-2014-3670\r\nCVE-2014-3710\r\nCVE-2014-3981\r\nCVE-2014-4049\r\nCVE-2014-4670\r\nCVE-2014-4698\r\nCVE-2014-5120\r\n\r\nQuickLook\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Opening a maliciously crafted iWork file may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\niWork files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-1098 : Christopher Hickstein\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit&#39;s handling\r\nof Collada files. Viewing a maliciously crafted Collada file may have\r\nled to arbitrary code execution. This issue was addressed through\r\nimproved validation of accessor elements.\r\nCVE-ID\r\nCVE-2014-8830 : Jose Duart of Google Security Team\r\n\r\nScreen Sharing\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A user&#39;s password may be logged to a local file\r\nDescription: In some circumstances, Screen Sharing may log a user&#39;s\r\npassword that is not readable by other users on the system. This\r\nissue was addressed by removing logging of credential.\r\nCVE-ID\r\nCVE-2015-1148 : Apple\r\n\r\nSecurity - Code Signing\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Tampered applications may not be prevented from launching\r\nDescription: Applications containing specially crafted bundles may\r\nhave been able to launch without a completely valid signature. This\r\nissue was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-1145\r\nCVE-2015-1146\r\n\r\nUniformTypeIdentifiers\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow existed in the way Uniform Type\r\nIdentifiers were handled. This issue was addressed with improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-1144 : Apple\r\n\r\nWebKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in WebKit. This\r\nissues was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1069 : lokihardt@ASRT working with HP&#39;s Zero Day Initiative\r\n\r\nSecurity Update 2015-004 &#40;available for OS X Mountain Lion v10.8.5\r\nand OS X Mavericks v10.9.5&#41; also addresses an issue caused by the fix\r\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\r\nRemote Apple Events clients on any version from connecting to the\r\nRemote Apple Events server. In default configurations, Remote Apple\r\nEvents is not enabled.\r\n\r\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5.\r\nhttps://support.apple.com/en-us/HT204658\r\n\r\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\r\nfrom the Mac App Store or Apple&#39;s Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg\r\nlhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l\r\n+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6\r\nDudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj\r\ncjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW\r\nkHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo\r\npqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv\r\nD/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX\r\nkEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R\r\n5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b\r\n6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G\r\nvVE37tYUU4PnLfwlcazq\r\n=MOsT\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-04-09T00:00:00", "published": "2015-04-09T00:00:00", "id": "SECURITYVULNS:DOC:31890", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31890", "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-08-12T01:05:50", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1545", "CVE-2014-9713", "CVE-2013-4449"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3209-1 security@debian.org\nhttp://www.debian.org/security/ Yves-Alexis Perez\nMarch 30, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openldap\nCVE ID : CVE-2013-4449 CVE-2014-9713 CVE-2015-1545\nDebian Bug : 729367 761406 776988\n\nMultiple vulnerabilities were found in OpenLDAP, a free implementation\nof the Lightweight Directory Access Protocol.\n\nCVE-2013-4449\n\n Michael Vishchers from Seven Principles AG discovered a denial of\n service vulnerability in slapd, the directory server implementation.\n When the server is configured to used the RWM overlay, an attacker\n can make it crash by unbinding just after connecting, because of an\n issue with reference counting.\n\nCVE-2014-9713\n\n The default Debian configuration of the directory database allows\n every users to edit their own attributes. When LDAP directories are\n used for access control, and this is done using user attributes, an\n authenticated user can leverage this to gain access to unauthorized\n resources.\n .\n Please note this is a Debian specific vulnerability.\n .\n The new package won&#x27;t use the unsafe access control rule for new\n databases, but existing configurations won&#x27;t be automatically\n modified. Administrators are incited to look at the README.Debian\n file provided by the updated package if they need to fix the access\n control rule.\n\nCVE-2015-1545\n\n Ryan Tandy discovered a denial of service vulnerability in slapd.\n When using the deref overlay, providing an empty attribute list in\n a query makes the daemon crashes.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.4.31-2.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.4.40-4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.40-4.\n\nWe recommend that you upgrade your openldap packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2015-03-30T21:05:49", "published": "2015-03-30T21:05:49", "id": "DEBIAN:DSA-3209-1:69E49", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00096.html", "title": "[SECURITY] [DSA 3209-1] openldap security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:20:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1545", "CVE-2014-9713", "CVE-2012-1164", "CVE-2013-4449"], "description": "Package : openldap\nVersion : 2.4.23-7.3+deb6u1\nCVE IDs : CVE-2012-1164 CVE-2013-4449 CVE-2014-9713 CVE-2015-1545\nDebian Bugs : 663644 729367 761406 776988 \n\nMultiple vulnerabilities were found in OpenLDAP, a free implementation\nof the Lightweight Directory Access Protocol.\n\nPlease carefully check whether you are affected by CVE-2014-9713: if you\nare, you will need to manually upgrade your configuration! See below for\nmore details on this. Just upgrading the packages might not be enough!\n\nCVE-2012-1164\n\n Fix a crash when doing an attrsOnly search of a database configured \n with both the rwm and translucent overlays.\n\nCVE-2013-4449\n\n Michael Vishchers from Seven Principles AG discovered a denial of\n service vulnerability in slapd, the directory server implementation.\n When the server is configured to used the RWM overlay, an attacker\n can make it crash by unbinding just after connecting, because of an\n issue with reference counting.\n\nCVE-2014-9713\n\n The default Debian configuration of the directory database allows\n every users to edit their own attributes. When LDAP directories are\n used for access control, and this is done using user attributes, an\n authenticated user can leverage this to gain access to unauthorized\n resources.\n .\n Please note this is a Debian specific vulnerability.\n .\n The new package won&#x27;t use the unsafe access control rule for new\n databases, but existing configurations won&#x27;t be automatically\n modified. Administrators are incited to look at the README.Debian\n file provided by the updated package if they need to fix the access\n control rule.\n\nCVE-2015-1545\n\n Ryan Tandy discovered a denial of service vulnerability in slapd.\n When using the deref overlay, providing an empty attribute list in\n a query makes the daemon crashes.\n\n\nThanks to Ryan Tandy for preparing this update.\n", "edition": 9, "modified": "2015-04-18T15:26:48", "published": "2015-04-18T15:26:48", "id": "DEBIAN:DLA-203-1:89B5F", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00016.html", "title": "[SECURITY] [DLA 203-1] openldap security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T09:49:03", "description": "Multiple vulnerabilities were found in OpenLDAP, a free implementation\nof the Lightweight Directory Access Protocol.\n\n - CVE-2013-4449\n Michael Vishchers from Seven Principles AG discovered a\n denial of service vulnerability in slapd, the directory\n server implementation. When the server is configured to\n used the RWM overlay, an attacker can make it crash by\n unbinding just after connecting, because of an issue\n with reference counting.\n\n - CVE-2014-9713\n The default Debian configuration of the directory\n database allows every users to edit their own\n attributes. When LDAP directories are used for access\n control, and this is done using user attributes, an\n authenticated user can leverage this to gain access to\n unauthorized resources.\n\n Please note this is a Debian specific vulnerability.\n\n The new package won't use the unsafe access control rule for new\n databases, but existing configurations won't be automatically\n modified. Administrators are incited to look at the README.Debian\n file provided by the updated package if they need to fix the access\n control rule.\n\n - CVE-2015-1545\n Ryan Tandy discovered a denial of service vulnerability\n in slapd. When using the deref overlay, providing an\n empty attribute list in a query makes the daemon\n crashes.", "edition": 16, "published": "2015-03-31T00:00:00", "title": "Debian DSA-3209-1 : openldap - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1545", "CVE-2014-9713", "CVE-2013-4449"], "modified": "2015-03-31T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openldap", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3209.NASL", "href": "https://www.tenable.com/plugins/nessus/82432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3209. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82432);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4449\", \"CVE-2014-9713\", \"CVE-2015-1545\");\n script_bugtraq_id(63190, 72519);\n script_xref(name:\"DSA\", value:\"3209\");\n\n script_name(english:\"Debian DSA-3209-1 : openldap - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in OpenLDAP, a free implementation\nof the Lightweight Directory Access Protocol.\n\n - CVE-2013-4449\n Michael Vishchers from Seven Principles AG discovered a\n denial of service vulnerability in slapd, the directory\n server implementation. When the server is configured to\n used the RWM overlay, an attacker can make it crash by\n unbinding just after connecting, because of an issue\n with reference counting.\n\n - CVE-2014-9713\n The default Debian configuration of the directory\n database allows every users to edit their own\n attributes. When LDAP directories are used for access\n control, and this is done using user attributes, an\n authenticated user can leverage this to gain access to\n unauthorized resources.\n\n Please note this is a Debian specific vulnerability.\n\n The new package won't use the unsafe access control rule for new\n databases, but existing configurations won't be automatically\n modified. Administrators are incited to look at the README.Debian\n file provided by the updated package if they need to fix the access\n control rule.\n\n - CVE-2015-1545\n Ryan Tandy discovered a denial of service vulnerability\n in slapd. When using the deref overlay, providing an\n empty attribute list in a query makes the daemon\n crashes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openldap\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3209\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openldap packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 2.4.31-2.\n\nFor the upcoming stable distribution (jessie), these problems have\nbeen fixed in version 2.4.40-4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"ldap-utils\", reference:\"2.4.31-2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libldap-2.4-2\", reference:\"2.4.31-2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libldap-2.4-2-dbg\", reference:\"2.4.31-2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libldap2-dev\", reference:\"2.4.31-2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"slapd\", reference:\"2.4.31-2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"slapd-dbg\", reference:\"2.4.31-2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"slapd-smbk5pwd\", reference:\"2.4.31-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:41:57", "description": "Multiple vulnerabilities were found in OpenLDAP, a free implementation\nof the Lightweight Directory Access Protocol.\n\nPlease carefully check whether you are affected by CVE-2014-9713: if\nyou are, you will need to manually upgrade your configuration! See\nbelow for more details on this. Just upgrading the packages might not\nbe enough!\n\nCVE-2012-1164\n\nFix a crash when doing an attrsOnly search of a database configured\nwith both the rwm and translucent overlays.\n\nCVE-2013-4449\n\nMichael Vishchers from Seven Principles AG discovered a denial of\nservice vulnerability in slapd, the directory server implementation.\nWhen the server is configured to used the RWM overlay, an attacker can\nmake it crash by unbinding just after connecting, because of an issue\nwith reference counting.\n\nCVE-2014-9713\n\nThe default Debian configuration of the directory database allows\nevery users to edit their own attributes. When LDAP directories are\nused for access control, and this is done using user attributes, an\nauthenticated user can leverage this to gain access to unauthorized\nresources. . Please note this is a Debian specific vulnerability. .\nThe new package won't use the unsafe access control rule for new\ndatabases, but existing configurations won't be automatically\nmodified. Administrators are incited to look at the README.Debian file\nprovided by the updated package if they need to fix the access control\nrule.\n\nCVE-2015-1545\n\nRyan Tandy discovered a denial of service vulnerability in slapd. When\nusing the deref overlay, providing an empty attribute list in a query\nmakes the daemon crashes.\n\nThanks to Ryan Tandy for preparing this update.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 12, "published": "2015-04-20T00:00:00", "title": "Debian DLA-203-1 : openldap security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1545", "CVE-2014-9713", "CVE-2012-1164", "CVE-2013-4449"], "modified": "2015-04-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:ldap-utils", "p-cpe:/a:debian:debian_linux:slapd", "p-cpe:/a:debian:debian_linux:libldap-2.4-2-dbg", "p-cpe:/a:debian:debian_linux:libldap2-dev", "p-cpe:/a:debian:debian_linux:libldap-2.4-2", "p-cpe:/a:debian:debian_linux:slapd-smbk5pwd", "p-cpe:/a:debian:debian_linux:slapd-dbg"], "id": "DEBIAN_DLA-203.NASL", "href": "https://www.tenable.com/plugins/nessus/82861", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-203-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82861);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_name(english:\"Debian DLA-203-1 : openldap security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in OpenLDAP, a free implementation\nof the Lightweight Directory Access Protocol.\n\nPlease carefully check whether you are affected by CVE-2014-9713: if\nyou are, you will need to manually upgrade your configuration! See\nbelow for more details on this. Just upgrading the packages might not\nbe enough!\n\nCVE-2012-1164\n\nFix a crash when doing an attrsOnly search of a database configured\nwith both the rwm and translucent overlays.\n\nCVE-2013-4449\n\nMichael Vishchers from Seven Principles AG discovered a denial of\nservice vulnerability in slapd, the directory server implementation.\nWhen the server is configured to used the RWM overlay, an attacker can\nmake it crash by unbinding just after connecting, because of an issue\nwith reference counting.\n\nCVE-2014-9713\n\nThe default Debian configuration of the directory database allows\nevery users to edit their own attributes. When LDAP directories are\nused for access control, and this is done using user attributes, an\nauthenticated user can leverage this to gain access to unauthorized\nresources. . Please note this is a Debian specific vulnerability. .\nThe new package won't use the unsafe access control rule for new\ndatabases, but existing configurations won't be automatically\nmodified. Administrators are incited to look at the README.Debian file\nprovided by the updated package if they need to fix the access control\nrule.\n\nCVE-2015-1545\n\nRyan Tandy discovered a denial of service vulnerability in slapd. When\nusing the deref overlay, providing an empty attribute list in a query\nmakes the daemon crashes.\n\nThanks to Ryan Tandy for preparing this update.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/04/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/openldap\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ldap-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libldap-2.4-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libldap-2.4-2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libldap2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:slapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:slapd-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:slapd-smbk5pwd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"ldap-utils\", reference:\"2.4.23-7.3+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libldap-2.4-2\", reference:\"2.4.23-7.3+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libldap-2.4-2-dbg\", reference:\"2.4.23-7.3+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libldap2-dev\", reference:\"2.4.23-7.3+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"slapd\", reference:\"2.4.23-7.3+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"slapd-dbg\", reference:\"2.4.23-7.3+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"slapd-smbk5pwd\", reference:\"2.4.23-7.3+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-23T18:55:19", "description": "It was discovered that OpenLDAP incorrectly handled certain search\nqueries that returned empty attributes. A remote attacker could use\nthis issue to cause OpenLDAP to assert, resulting in a denial of\nservice. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1164)\n\nMichael Vishchers discovered that OpenLDAP improperly counted\nreferences when the rwm overlay was used. A remote attacker could use\nthis issue to cause OpenLDAP to crash, resulting in a denial of\nservice. (CVE-2013-4449)\n\nIt was discovered that OpenLDAP incorrectly handled certain empty\nattribute lists in search requests. A remote attacker could use this\nissue to cause OpenLDAP to crash, resulting in a denial of service.\n(CVE-2015-1545).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2015-05-27T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openldap vulnerabilities (USN-2622-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1545", "CVE-2012-1164", "CVE-2013-4449"], "modified": "2015-05-27T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:slapd", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2622-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83863", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2622-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83863);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2012-1164\", \"CVE-2013-4449\", \"CVE-2015-1545\");\n script_bugtraq_id(52404, 63190, 72519);\n script_xref(name:\"USN\", value:\"2622-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openldap vulnerabilities (USN-2622-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that OpenLDAP incorrectly handled certain search\nqueries that returned empty attributes. A remote attacker could use\nthis issue to cause OpenLDAP to assert, resulting in a denial of\nservice. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1164)\n\nMichael Vishchers discovered that OpenLDAP improperly counted\nreferences when the rwm overlay was used. A remote attacker could use\nthis issue to cause OpenLDAP to crash, resulting in a denial of\nservice. (CVE-2013-4449)\n\nIt was discovered that OpenLDAP incorrectly handled certain empty\nattribute lists in search requests. A remote attacker could use this\nissue to cause OpenLDAP to crash, resulting in a denial of service.\n(CVE-2015-1545).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2622-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected slapd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:slapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"slapd\", pkgver:\"2.4.28-1.1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"slapd\", pkgver:\"2.4.31-1+nmu2ubuntu8.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"slapd\", pkgver:\"2.4.31-1+nmu2ubuntu11.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"slapd\", pkgver:\"2.4.31-1+nmu2ubuntu12.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"slapd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:20:19", "description": "openldap2 was updated to fix three security issues and one\nnon-security bug.\n\nThe following vulnerabilities were fixed :\n\n - A remote attacker could cause a denial of service (slapd\n crash) by unbinding immediately after a search request.\n (bnc#846389, CVE-2013-4449)\n\n - A remote attacker could cause a denial of service\n through a NULL pointer dereference and crash via an\n empty attribute list in a deref control in a search\n request. (bnc#916897, CVE-2015-1545)\n\n - A remote attacker could cause a denial of service\n (crash) via a crafted search query with a matched values\n control. (bnc#916914, CVE-2015-1546) The following\n non-security bug was fixed :\n\n - Prevent connection-0 (internal connection) from showing\n up in the monitor back-end. (bnc#905959)", "edition": 23, "published": "2015-05-18T00:00:00", "title": "SuSE 11.3 Security Update : openldap2 (SAT Patch Number 10635)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1545", "CVE-2015-1546", "CVE-2013-4449"], "modified": "2015-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:openldap2-client", "p-cpe:/a:novell:suse_linux:11:openldap2", "p-cpe:/a:novell:suse_linux:11:openldap2-back-meta", "p-cpe:/a:novell:suse_linux:11:libldap-2_4-2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:compat-libldap-2_3-0", "p-cpe:/a:novell:suse_linux:11:libldap-2_4-2-32bit"], "id": "SUSE_11_OPENLDAP2-20150423-150413.NASL", "href": "https://www.tenable.com/plugins/nessus/83516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83516);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4449\", \"CVE-2015-1545\", \"CVE-2015-1546\");\n\n script_name(english:\"SuSE 11.3 Security Update : openldap2 (SAT Patch Number 10635)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openldap2 was updated to fix three security issues and one\nnon-security bug.\n\nThe following vulnerabilities were fixed :\n\n - A remote attacker could cause a denial of service (slapd\n crash) by unbinding immediately after a search request.\n (bnc#846389, CVE-2013-4449)\n\n - A remote attacker could cause a denial of service\n through a NULL pointer dereference and crash via an\n empty attribute list in a deref control in a search\n request. (bnc#916897, CVE-2015-1545)\n\n - A remote attacker could cause a denial of service\n (crash) via a crafted search query with a matched values\n control. (bnc#916914, CVE-2015-1546) The following\n non-security bug was fixed :\n\n - Prevent connection-0 (internal connection) from showing\n up in the monitor back-end. (bnc#905959)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=846389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=905959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4449.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-1545.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-1546.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10635.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-libldap-2_3-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libldap-2_4-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libldap-2_4-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openldap2-back-meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openldap2-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libldap-2_4-2-2.4.26-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"openldap2-client-2.4.26-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libldap-2_4-2-2.4.26-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libldap-2_4-2-32bit-2.4.26-0.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"openldap2-client-2.4.26-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"compat-libldap-2_3-0-2.3.37-2.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libldap-2_4-2-2.4.26-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openldap2-2.4.26-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openldap2-back-meta-2.4.26-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openldap2-client-2.4.26-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libldap-2_4-2-32bit-2.4.26-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libldap-2_4-2-32bit-2.4.26-0.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:55:01", "description": "A vulnerability has been discovered and corrected in openldap :\n\nThe deref_parseCtrl function in servers/slapd/overlays/deref.c in\nOpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a\ndenial of service (NULL pointer dereference and crash) via an empty\nattribute list in a deref control in a search request (CVE-2015-1545).\n\nThe updated packages provides a solution for these security issues.", "edition": 25, "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : openldap (MDVSA-2015:074)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1545"], "modified": "2015-03-30T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:openldap-clients", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2", "p-cpe:/a:mandriva:linux:openldap-tests", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel", "p-cpe:/a:mandriva:linux:openldap-doc", "p-cpe:/a:mandriva:linux:openldap-servers", "p-cpe:/a:mandriva:linux:openldap-testprogs", "p-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel", "p-cpe:/a:mandriva:linux:openldap"], "id": "MANDRIVA_MDVSA-2015-074.NASL", "href": "https://www.tenable.com/plugins/nessus/82327", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:074. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82327);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1545\");\n script_bugtraq_id(72519);\n script_xref(name:\"MDVSA\", value:\"2015:074\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openldap (MDVSA-2015:074)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in openldap :\n\nThe deref_parseCtrl function in servers/slapd/overlays/deref.c in\nOpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a\ndenial of service (NULL pointer dereference and crash) via an empty\nattribute list in a deref control in a search request (CVE-2015-1545).\n\nThe updated packages provides a solution for these security issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-testprogs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-2.4.33-4.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-devel-2.4.33-4.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-static-devel-2.4.33-4.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openldap-2.4.33-4.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openldap-clients-2.4.33-4.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openldap-doc-2.4.33-4.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openldap-servers-2.4.33-4.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openldap-testprogs-2.4.33-4.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openldap-tests-2.4.33-4.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:26", "description": "CVE-2015-1545 openldap: slapd crashes on search with deref control and\nempty attr list\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-04-14T00:00:00", "title": "Fedora 21 : openldap-2.4.40-3.fc21 (2015-2055)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1545"], "modified": "2015-04-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openldap", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-2055.NASL", "href": "https://www.tenable.com/plugins/nessus/82747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2055.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82747);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1545\");\n script_xref(name:\"FEDORA\", value:\"2015-2055\");\n\n script_name(english:\"Fedora 21 : openldap-2.4.40-3.fc21 (2015-2055)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2015-1545 openldap: slapd crashes on search with deref control and\nempty attr list\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1190643\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154652.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6aa1e21b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"openldap-2.4.40-3.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-23T18:55:27", "description": "Denis Andzakovic discovered that OpenLDAP incorrectly handled certain\nBER data. A remote attacker could possibly use this issue to cause\nOpenLDAP to crash, resulting in a denial of service. (CVE-2015-6908)\n\nDietrich Clauss discovered that the OpenLDAP package incorrectly\nshipped with a potentially unsafe default access control\nconfiguration. Depending on how the database is configure, this may\nallow users to impersonate others by modifying attributes such as\ntheir Unix user and group numbers. (CVE-2014-9713).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2015-09-17T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openldap vulnerabilities (USN-2742-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6908", "CVE-2014-9713"], "modified": "2015-09-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:slapd", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2742-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85984", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2742-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85984);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2014-9713\", \"CVE-2015-6908\");\n script_xref(name:\"USN\", value:\"2742-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openldap vulnerabilities (USN-2742-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Denis Andzakovic discovered that OpenLDAP incorrectly handled certain\nBER data. A remote attacker could possibly use this issue to cause\nOpenLDAP to crash, resulting in a denial of service. (CVE-2015-6908)\n\nDietrich Clauss discovered that the OpenLDAP package incorrectly\nshipped with a potentially unsafe default access control\nconfiguration. Depending on how the database is configure, this may\nallow users to impersonate others by modifying attributes such as\ntheir Unix user and group numbers. (CVE-2014-9713).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2742-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected slapd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:slapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"slapd\", pkgver:\"2.4.28-1.1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"slapd\", pkgver:\"2.4.31-1+nmu2ubuntu8.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"slapd\", pkgver:\"2.4.31-1+nmu2ubuntu12.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"slapd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:12:29", "description": "fix rmw reference counting bug new upstream release (#1059186);\nhttp://www.openldap.org/software/release/changes.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-02-12T00:00:00", "title": "Fedora 20 : openldap-2.4.39-2.fc20 (2014-2012)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4449"], "modified": "2014-02-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openldap", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-2012.NASL", "href": "https://www.tenable.com/plugins/nessus/72451", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-2012.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72451);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4449\");\n script_bugtraq_id(63190);\n script_xref(name:\"FEDORA\", value:\"2014-2012\");\n\n script_name(english:\"Fedora 20 : openldap-2.4.39-2.fc20 (2014-2012)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fix rmw reference counting bug new upstream release (#1059186);\nhttp://www.openldap.org/software/release/changes.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.openldap.org/software/release/changes.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1019490\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f98aa497\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"openldap-2.4.39-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-25T08:55:56", "description": "From Red Hat Security Advisory 2014:0206 :\n\nUpdated openldap packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nOpenLDAP is an open source suite of Lightweight Directory Access\nProtocol (LDAP) applications and development tools. LDAP is a set of\nprotocols used to access and maintain distributed directory\ninformation services over an IP network. The openldap package contains\nconfiguration files, libraries, and documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server\ndaemon (slapd) performed reference counting when using the rwm\n(rewrite/remap) overlay. A remote attacker able to query the OpenLDAP\nserver could use this flaw to crash the server by immediately\nunbinding from the server after sending a search request.\n(CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG\nfor reporting this issue.\n\nAll openldap users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.", "edition": 20, "published": "2014-02-25T00:00:00", "title": "Oracle Linux 5 : openldap (ELSA-2014-0206)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4449"], "modified": "2014-02-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openldap", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:openldap-servers", "p-cpe:/a:oracle:linux:openldap-clients", "p-cpe:/a:oracle:linux:openldap-devel", "p-cpe:/a:oracle:linux:openldap-servers-sql", "p-cpe:/a:oracle:linux:compat-openldap", "p-cpe:/a:oracle:linux:openldap-servers-overlays"], "id": "ORACLELINUX_ELSA-2014-0206.NASL", "href": "https://www.tenable.com/plugins/nessus/72677", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0206 and \n# Oracle Linux Security Advisory ELSA-2014-0206 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72677);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2013-4449\");\n script_bugtraq_id(63190);\n script_xref(name:\"RHSA\", value:\"2014:0206\");\n\n script_name(english:\"Oracle Linux 5 : openldap (ELSA-2014-0206)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0206 :\n\nUpdated openldap packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nOpenLDAP is an open source suite of Lightweight Directory Access\nProtocol (LDAP) applications and development tools. LDAP is a set of\nprotocols used to access and maintain distributed directory\ninformation services over an IP network. The openldap package contains\nconfiguration files, libraries, and documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server\ndaemon (slapd) performed reference counting when using the rwm\n(rewrite/remap) overlay. A remote attacker able to query the OpenLDAP\nserver could use this flaw to crash the server by immediately\nunbinding from the server after sending a search request.\n(CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG\nfor reporting this issue.\n\nAll openldap users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-February/003991.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers-overlays\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"compat-openldap-2.3.43_2.2.29-27.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-2.3.43-27.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-clients-2.3.43-27.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-devel-2.3.43-27.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-servers-2.3.43-27.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-servers-overlays-2.3.43-27.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openldap-servers-sql-2.3.43-27.el5_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-devel / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-25T09:15:03", "description": "Updated openldap packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nOpenLDAP is an open source suite of Lightweight Directory Access\nProtocol (LDAP) applications and development tools. LDAP is a set of\nprotocols used to access and maintain distributed directory\ninformation services over an IP network. The openldap package contains\nconfiguration files, libraries, and documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server\ndaemon (slapd) performed reference counting when using the rwm\n(rewrite/remap) overlay. A remote attacker able to query the OpenLDAP\nserver could use this flaw to crash the server by immediately\nunbinding from the server after sending a search request.\n(CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG\nfor reporting this issue.\n\nAll openldap users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.", "edition": 23, "published": "2014-02-25T00:00:00", "title": "RHEL 5 : openldap (RHSA-2014:0206)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4449"], "modified": "2014-02-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql", "p-cpe:/a:redhat:enterprise_linux:openldap-servers", "p-cpe:/a:redhat:enterprise_linux:openldap", "p-cpe:/a:redhat:enterprise_linux:openldap-servers-overlays", "p-cpe:/a:redhat:enterprise_linux:openldap-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openldap-devel", "p-cpe:/a:redhat:enterprise_linux:openldap-clients", "p-cpe:/a:redhat:enterprise_linux:compat-openldap"], "id": "REDHAT-RHSA-2014-0206.NASL", "href": "https://www.tenable.com/plugins/nessus/72679", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0206. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72679);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2013-4449\");\n script_bugtraq_id(63190);\n script_xref(name:\"RHSA\", value:\"2014:0206\");\n\n script_name(english:\"RHEL 5 : openldap (RHSA-2014:0206)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nOpenLDAP is an open source suite of Lightweight Directory Access\nProtocol (LDAP) applications and development tools. LDAP is a set of\nprotocols used to access and maintain distributed directory\ninformation services over an IP network. The openldap package contains\nconfiguration files, libraries, and documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server\ndaemon (slapd) performed reference counting when using the rwm\n(rewrite/remap) overlay. A remote attacker able to query the OpenLDAP\nserver could use this flaw to crash the server by immediately\nunbinding from the server after sending a search request.\n(CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG\nfor reporting this issue.\n\nAll openldap users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4449\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers-overlays\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0206\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"compat-openldap-2.3.43_2.2.29-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openldap-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-clients-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openldap-clients-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-clients-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openldap-debuginfo-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openldap-devel-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-servers-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openldap-servers-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-servers-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-servers-overlays-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openldap-servers-overlays-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-servers-overlays-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openldap-servers-sql-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openldap-servers-sql-2.3.43-27.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openldap-servers-sql-2.3.43-27.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / openldap / openldap-clients / openldap-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2017-10-12T02:11:12", "bulletinFamily": "software", "cvelist": ["CVE-2013-4449"], "edition": 1, "description": "Description \n \nThe rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. ([CVE-2013-4449](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4449>)) \n\n\nImpact\n\nNone. F5 products are not affected by this vulnerability.\n\nStatus\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP AAM | None | 11.4.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP AFM | None | 11.3.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP Analytics | None | 11.0.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP APM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP ASM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP Link Controller | None \n| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP PEM | None \n| 11.3.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nARX | None | 6.0.0 - 6.4.0 \n| Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n| Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable | None \nBIG-IQ Cloud | None \n| 4.0.0 - 4.5.0 \n| Not vulnerable | None \nBIG-IQ Device | None \n| 4.2.0 - 4.5.0 \n| Not vulnerable | None \nBIG-IQ Security | None \n| 4.0.0 - 4.5.0 \n| Not vulnerable | None \nBIG-IQ ADC | None \n| 4.5.0 \n| Not vulnerable | None \nLineRate | None \n| 2.5.0 - 2.6.0 \n| Not vulnerable | None \nF5 WebSafe | None \n| 1.0.0 \n| Not vulnerable | None \nTraffix SDC | None \n| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable | None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "modified": "2016-01-09T02:21:00", "published": "2015-07-03T02:52:00", "id": "F5:K16882", "href": "https://support.f5.com/csp/article/K16882", "title": "OpenLDAP vulnerability CVE-2013-4449", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:07", "bulletinFamily": "software", "cvelist": ["CVE-2013-4449"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "modified": "2015-07-02T00:00:00", "published": "2015-07-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16882.html", "id": "SOL16882", "title": "SOL16882 - OpenLDAP vulnerability CVE-2013-4449", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:25", "bulletinFamily": "software", "cvelist": ["CVE-2015-1545", "CVE-2015-1546"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-04-02T00:00:00", "published": "2015-04-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16343.html", "id": "SOL16343", "title": "SOL16343 - OpenLDAP vulnerabilities CVE-2015-1545 and CVE-2015-1546", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:44:15", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1545", "CVE-2012-1164", "CVE-2013-4449"], "description": "It was discovered that OpenLDAP incorrectly handled certain search queries \nthat returned empty attributes. A remote attacker could use this issue to \ncause OpenLDAP to assert, resulting in a denial of service. This issue only \naffected Ubuntu 12.04 LTS. (CVE-2012-1164)\n\nMichael Vishchers discovered that OpenLDAP improperly counted references \nwhen the rwm overlay was used. A remote attacker could use this issue to \ncause OpenLDAP to crash, resulting in a denial of service. (CVE-2013-4449)\n\nIt was discovered that OpenLDAP incorrectly handled certain empty attribute \nlists in search requests. A remote attacker could use this issue to cause \nOpenLDAP to crash, resulting in a denial of service. (CVE-2015-1545)", "edition": 5, "modified": "2015-05-26T00:00:00", "published": "2015-05-26T00:00:00", "id": "USN-2622-1", "href": "https://ubuntu.com/security/notices/USN-2622-1", "title": "OpenLDAP vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:39:31", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6908", "CVE-2014-9713"], "description": "Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER \ndata. A remote attacker could possibly use this issue to cause OpenLDAP to \ncrash, resulting in a denial of service. (CVE-2015-6908)\n\nDietrich Clauss discovered that the OpenLDAP package incorrectly shipped \nwith a potentially unsafe default access control configuration. Depending \non how the database is configure, this may allow users to impersonate \nothers by modifying attributes such as their Unix user and group numbers. \n(CVE-2014-9713)", "edition": 5, "modified": "2015-09-16T00:00:00", "published": "2015-09-16T00:00:00", "id": "USN-2742-1", "href": "https://ubuntu.com/security/notices/USN-2742-1", "title": "OpenLDAP vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1545"], "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. ", "modified": "2015-04-13T07:04:55", "published": "2015-04-13T07:04:55", "id": "FEDORA:38B5C608798F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: openldap-2.4.40-3.fc21", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4449"], "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. ", "modified": "2014-03-11T04:01:35", "published": "2014-03-11T04:01:35", "id": "FEDORA:172CF20AFA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: openldap-2.4.39-2.fc19", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4449"], "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. ", "modified": "2014-02-11T23:13:08", "published": "2014-02-11T23:13:08", "id": "FEDORA:CF836215C9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: openldap-2.4.39-2.fc20", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:26:14", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4449"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0126\n\n\nOpenLDAP is an open source suite of Lightweight Directory Access Protocol\n(LDAP) applications and development tools. LDAP is a set of protocols used\nto access and maintain distributed directory information services over an\nIP network. The openldap package contains configuration files, libraries,\nand documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon\n(slapd) performed reference counting when using the rwm (rewrite/remap)\noverlay. A remote attacker able to query the OpenLDAP server could use this\nflaw to crash the server by immediately unbinding from the server after\nsending a search request. (CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG for\nreporting this issue.\n\nThis update also fixes the following bug:\n\n* Previously, OpenLDAP did not properly handle a number of simultaneous\nupdates. As a consequence, sending a number of parallel update requests to\nthe server could cause a deadlock. With this update, a superfluous locking\nmechanism causing the deadlock has been removed, thus fixing the bug.\n(BZ#1056124)\n\nAll openldap users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-February/032170.html\n\n**Affected packages:**\nopenldap\nopenldap-clients\nopenldap-devel\nopenldap-servers\nopenldap-servers-sql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0126.html", "edition": 3, "modified": "2014-02-04T05:35:44", "published": "2014-02-04T05:35:44", "href": "http://lists.centos.org/pipermail/centos-announce/2014-February/032170.html", "id": "CESA-2014:0126", "title": "openldap security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:26:09", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4449"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0206\n\n\nOpenLDAP is an open source suite of Lightweight Directory Access Protocol\n(LDAP) applications and development tools. LDAP is a set of protocols used\nto access and maintain distributed directory information services over an\nIP network. The openldap package contains configuration files, libraries,\nand documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon\n(slapd) performed reference counting when using the rwm (rewrite/remap)\noverlay. A remote attacker able to query the OpenLDAP server could use this\nflaw to crash the server by immediately unbinding from the server after\nsending a search request. (CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG for\nreporting this issue.\n\nAll openldap users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-February/032212.html\n\n**Affected packages:**\ncompat-openldap\nopenldap\nopenldap-clients\nopenldap-devel\nopenldap-servers\nopenldap-servers-overlays\nopenldap-servers-sql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0206.html", "edition": 3, "modified": "2014-02-24T19:35:05", "published": "2014-02-24T19:35:05", "href": "http://lists.centos.org/pipermail/centos-announce/2014-February/032212.html", "id": "CESA-2014:0206", "title": "compat, openldap security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:17", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4449"], "description": "**Issue Overview:**\n\nThe rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.\n\n \n**Affected Packages:** \n\n\nopenldap\n\n \n**Issue Correction:** \nRun _yum update openldap_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openldap-servers-sql-2.4.23-34.23.amzn1.i686 \n openldap-devel-2.4.23-34.23.amzn1.i686 \n openldap-debuginfo-2.4.23-34.23.amzn1.i686 \n openldap-2.4.23-34.23.amzn1.i686 \n openldap-servers-2.4.23-34.23.amzn1.i686 \n openldap-clients-2.4.23-34.23.amzn1.i686 \n \n src: \n openldap-2.4.23-34.23.amzn1.src \n \n x86_64: \n openldap-servers-2.4.23-34.23.amzn1.x86_64 \n openldap-clients-2.4.23-34.23.amzn1.x86_64 \n openldap-devel-2.4.23-34.23.amzn1.x86_64 \n openldap-debuginfo-2.4.23-34.23.amzn1.x86_64 \n openldap-2.4.23-34.23.amzn1.x86_64 \n openldap-servers-sql-2.4.23-34.23.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-02-26T16:22:00", "published": "2014-02-26T16:22:00", "id": "ALAS-2014-294", "href": "https://alas.aws.amazon.com/ALAS-2014-294.html", "title": "Medium: openldap", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:28:20", "description": "CVE ID:CVE-2013-4449\r\n\r\nCisco Unified Communications Manager\u662f\u4e00\u6b3eCisco IP\u7535\u8bdd\u89e3\u51b3\u65b9\u6848\u4e2d\u7684\u547c\u53eb\u5904\u7406\u7ec4\u4ef6\u3002\r\n\r\nCisco Unified Communications Manager\u6240\u7ed1\u5b9a\u4f7f\u7528\u7684OpenLDAP\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u67e5\u8be2\u76ee\u5f55\u548c\u968f\u5373\u4ece\u670d\u52a1\u5668\u4e0a\u89e3\u7ed1\uff0c\u4f7f\u670d\u52a1\u7a0b\u5e8f\u5d29\u6e83\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\n0\nCisco Unified Communications Manager\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\uff1a\r\nhttp://www.cisco.com/security", "published": "2014-04-08T00:00:00", "title": "Cisco Unified Communications Manager\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-4449"], "modified": "2014-04-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62076", "id": "SSV:62076", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "redhat": [{"lastseen": "2019-08-13T18:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4449"], "description": "OpenLDAP is an open source suite of Lightweight Directory Access Protocol\n(LDAP) applications and development tools. LDAP is a set of protocols used\nto access and maintain distributed directory information services over an\nIP network. The openldap package contains configuration files, libraries,\nand documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon\n(slapd) performed reference counting when using the rwm (rewrite/remap)\noverlay. A remote attacker able to query the OpenLDAP server could use this\nflaw to crash the server by immediately unbinding from the server after\nsending a search request. (CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG for\nreporting this issue.\n\nThis update also fixes the following bug:\n\n* Previously, OpenLDAP did not properly handle a number of simultaneous\nupdates. As a consequence, sending a number of parallel update requests to\nthe server could cause a deadlock. With this update, a superfluous locking\nmechanism causing the deadlock has been removed, thus fixing the bug.\n(BZ#1056124)\n\nAll openldap users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2018-06-06T20:24:26", "published": "2014-02-03T05:00:00", "id": "RHSA-2014:0126", "href": "https://access.redhat.com/errata/RHSA-2014:0126", "type": "redhat", "title": "(RHSA-2014:0126) Moderate: openldap security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:44:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4449"], "description": "OpenLDAP is an open source suite of Lightweight Directory Access Protocol\n(LDAP) applications and development tools. LDAP is a set of protocols used\nto access and maintain distributed directory information services over an\nIP network. The openldap package contains configuration files, libraries,\nand documentation for OpenLDAP.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon\n(slapd) performed reference counting when using the rwm (rewrite/remap)\noverlay. A remote attacker able to query the OpenLDAP server could use this\nflaw to crash the server by immediately unbinding from the server after\nsending a search request. (CVE-2013-4449)\n\nRed Hat would like to thank Michael Vishchers from Seven Principles AG for\nreporting this issue.\n\nAll openldap users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n", "modified": "2017-09-08T12:09:33", "published": "2014-02-24T05:00:00", "id": "RHSA-2014:0206", "href": "https://access.redhat.com/errata/RHSA-2014:0206", "type": "redhat", "title": "(RHSA-2014:0206) Moderate: openldap security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:56", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4449"], "description": "[2.4.23-34.1]\n- fix: segfault on certain queries with rwm overlay (#1058250)\n[2.4.23-34]\n- fix: deadlock during SSL_ForceHandshake (#996373)\n + revert nss-handshake-threadsafe.patch", "edition": 4, "modified": "2014-02-03T00:00:00", "published": "2014-02-03T00:00:00", "id": "ELSA-2014-0126", "href": "http://linux.oracle.com/errata/ELSA-2014-0126.html", "title": "openldap security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:39", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4449"], "description": "[2.3.43-27]\n- fix: CVE-2013-4449 segfault on certain queries with rwm overlay (#1064145)\n[2.3.43-26]\n- fix: do not send IPv6 DNS queries when IPv6 is disabled on the host (#812772)", "edition": 4, "modified": "2014-02-24T00:00:00", "published": "2014-02-24T00:00:00", "id": "ELSA-2014-0206", "href": "http://linux.oracle.com/errata/ELSA-2014-0206.html", "title": "openldap security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:48:26", "bulletinFamily": "info", "cvelist": ["CVE-2015-1545", "CVE-2015-1546"], "description": "### *Detect date*:\n02/12/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nDouble free and other unknown vulnerability was found in OpenLDAP. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via a speciallyu designed search request.\n\n### *Affected products*:\nOpenLDAP versions from 2.4.13 to 2.4.40\n\n### *Solution*:\nUpdate to latest version! \n[Get OpenLDAP](<http://www.openldap.org/software/download/>)\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[OpenLDAP](<https://threats.kaspersky.com/en/product/OpenLDAP/>)\n\n### *CVE-IDS*:\n[CVE-2015-1546](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546>)5.0Critical \n[CVE-2015-1545](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545>)5.0Critical", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2015-02-12T00:00:00", "id": "KLA10486", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10486", "title": "\r KLA10486Denial of service vulnerability in OpenLDAP ", "type": "kaspersky", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "apple": [{"lastseen": "2020-12-24T20:42:08", "bulletinFamily": "software", "cvelist": ["CVE-2012-2668", "CVE-2019-8852", "CVE-2019-8842", "CVE-2019-8851", "CVE-2018-16300", "CVE-2019-13057", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2019-8834", "CVE-2018-14467", "CVE-2019-8830", "CVE-2018-10105", "CVE-2018-16229", "CVE-2019-8848", "CVE-2019-8847", "CVE-2018-16452", "CVE-2018-14466", "CVE-2019-15126", "CVE-2019-8828", "CVE-2019-8832", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2020-9782", "CVE-2015-1545", "CVE-2012-1164", "CVE-2018-14882", "CVE-2019-8833", "CVE-2013-4449", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2019-8853", "CVE-2018-16227", "CVE-2019-8837", "CVE-2018-14468", "CVE-2018-16228", "CVE-2019-8856", "CVE-2019-13565", "CVE-2018-14461", "CVE-2019-15903", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-8839", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881", "CVE-2019-8838"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra\n\nReleased December 10, 2019\n\n**ATS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2019-8837: Csaba Fitzl (@theevilbit)\n\nEntry updated December 18, 2019\n\n**Bluetooth**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab\n\n**CallKit**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans\n\nDescription: An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling.\n\nCVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL\n\n**CFNetwork Proxies**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team\n\nEntry updated December 18, 2019\n\n**CFNetwork**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2019-8834: Rob Sayre (@sayrer)\n\nEntry added February 3, 2020\n\n**CUPS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: In certain configurations, a remote attacker may be able to submit arbitrary print jobs\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8842: Niky1235 of China Mobile\n\nEntry updated December 18, 2019\n\n**CUPS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8839: Stephan Zeisberg of Security Research Labs\n\nEntry updated December 18, 2019\n\n**FaceTime**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2019-8830: Natalie Silvanovich of Google Project Zero\n\nEntry updated December 18, 2019\n\n**IOGraphics**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: A Mac may not lock immediately upon wake\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8851: Vladik Khononov of DoiT International\n\nEntry added February 3, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2019-8833: Ian Beer of Google Project Zero\n\nEntry updated December 18, 2019\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8828: Cim Stordal of Cognite\n\nCVE-2019-8838: Dr Silvio Cesare of InfoSect\n\nCVE-2019-8847: Apple\n\nCVE-2019-8852: pattern-f (@pattern_F_) of WaCai\n\n**libexpat**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Parsing a maliciously crafted XML file may lead to disclosure of user information\n\nDescription: This issue was addressed by updating to expat version 2.2.8.\n\nCVE-2019-15903: Joonun Jang\n\nEntry updated December 18, 2019\n\n**Notes**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2020-9782: Allison Husain of UC Berkeley\n\nEntry added April 4, 2020\n\n**OpenLDAP**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Multiple issues in OpenLDAP\n\nDescription: Multiple issues were addressed by updating to OpenLDAP version 2.4.28.\n\nCVE-2012-1164\n\nCVE-2012-2668\n\nCVE-2013-4449\n\nCVE-2015-1545\n\nCVE-2019-13057\n\nCVE-2019-13565\n\nEntry updated February 3, 2020\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8832: Insu Yun of SSLab at Georgia Tech\n\n**tcpdump**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Multiple issues in tcpdump\n\nDescription: Multiple issues were addressed by updating to tcpdump version 4.9.3 and libpcap version 1.9.1\n\nCVE-2017-16808\n\nCVE-2018-10103\n\nCVE-2018-10105\n\nCVE-2018-14461\n\nCVE-2018-14462\n\nCVE-2018-14463\n\nCVE-2018-14464\n\nCVE-2018-14465\n\nCVE-2018-14466\n\nCVE-2018-14467\n\nCVE-2018-14468\n\nCVE-2018-14469\n\nCVE-2018-14470\n\nCVE-2018-14879\n\nCVE-2018-14880\n\nCVE-2018-14881\n\nCVE-2018-14882\n\nCVE-2018-16227\n\nCVE-2018-16228\n\nCVE-2018-16229\n\nCVE-2018-16230\n\nCVE-2018-16300\n\nCVE-2018-16301\n\nCVE-2018-16451\n\nCVE-2018-16452\n\nCVE-2019-15166\n\nCVE-2019-15167\n\nEntry updated February 11, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An attacker in Wi-Fi range may be able to view a small amount of network traffic\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2019-15126: Milos Cermak at ESET\n\nEntry added February 27, 2020\n\n\n\n## Additional recognition\n\n**Accounts**\n\nWe would like to acknowledge Allison Husain of UC Berkeley, Kishan Bagaria (KishanBagaria.com), Tom Snelling of Loughborough University for their assistance.\n\nEntry updated April 4, 2020\n\n**Core Data**\n\nWe would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance.\n\n**Finder**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.\n\nEntry added December 18, 2019\n\n**Kernel**\n\nWe would like to acknowledge Daniel Roethlisberger of Swisscom CSIRT for their assistance.\n\nEntry added December 18, 2019\n", "edition": 4, "modified": "2020-11-12T07:38:35", "published": "2020-11-12T07:38:35", "id": "APPLE:HT210788", "href": "https://support.apple.com/kb/HT210788", "title": "About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}