{"cve": [{"lastseen": "2017-04-18T15:53:18", "bulletinFamily": "NVD", "description": "slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.", "modified": "2017-01-06T21:59:04", "published": "2012-06-29T15:55:03", "id": "CVE-2012-1164", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1164", "title": "CVE-2012-1164", "type": "cve", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-08T12:57:12", "bulletinFamily": "scanner", "description": "Check for the Version of openldap", "modified": "2018-01-08T00:00:00", "published": "2012-06-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870764", "id": "OPENVAS:870764", "title": "RedHat Update for openldap RHSA-2012:0899-04", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openldap RHSA-2012:0899-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools.\n\n A denial of service flaw was found in the way the OpenLDAP server daemon\n (slapd) processed certain search queries requesting only attributes and no\n values. In certain configurations, a remote attacker could issue a\n specially-crafted LDAP search query that, when processed by slapd, would\n cause slapd to crash due to an assertion failure. (CVE-2012-1164)\n\n These updated openldap packages include numerous bug fixes. Space precludes\n documenting all of these changes in this advisory. Users are directed to\n the Red Hat Enterprise Linux 6.3 Technical Notes for information on the\n most significant of these changes.\n\n Users of OpenLDAP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing this\n update, the OpenLDAP daemons will be restarted automatically.\";\n\ntag_affected = \"openldap on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-June/msg00034.html\");\n script_id(870764);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-22 10:26:04 +0530 (Fri, 22 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1164\");\n script_xref(name: \"RHSA\", value: \"2012:0899-04\");\n script_name(\"RedHat Update for openldap RHSA-2012:0899-04\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.23~26.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.23~26.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-debuginfo\", rpm:\"openldap-debuginfo~2.4.23~26.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.4.23~26.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.23~26.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:06:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-14T00:00:00", "id": "OPENVAS:1361412562310831717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831717", "title": "Mandriva Update for openldap MDVSA-2012:130 (openldap)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openldap MDVSA-2012:130 (openldap)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:130\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831717\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:41:49 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-1164\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:130\");\n script_name(\"Mandriva Update for openldap MDVSA-2012:130 (openldap)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openldap'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"openldap on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability was found and corrected in openldap:\n\n slapd in OpenLDAP before 2.4.30 allows remote attackers to cause\n a denial of service (assertion failure and daemon exit) via an LDAP\n search query with attrsOnly set to true, which causes empty attributes\n to be returned (CVE-2012-1164).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2\", rpm:\"libldap2.4_2~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-devel\", rpm:\"libldap2.4_2-devel~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-static-devel\", rpm:\"libldap2.4_2-static-devel~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-doc\", rpm:\"openldap-doc~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-testprogs\", rpm:\"openldap-testprogs~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-tests\", rpm:\"openldap-tests~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2\", rpm:\"lib64ldap2.4_2~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-devel\", rpm:\"lib64ldap2.4_2-devel~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-static-devel\", rpm:\"lib64ldap2.4_2-static-devel~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2\", rpm:\"libldap2.4_2~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-devel\", rpm:\"libldap2.4_2-devel~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-static-devel\", rpm:\"libldap2.4_2-static-devel~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-doc\", rpm:\"openldap-doc~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-testprogs\", rpm:\"openldap-testprogs~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-tests\", rpm:\"openldap-tests~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2\", rpm:\"lib64ldap2.4_2~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-devel\", rpm:\"lib64ldap2.4_2-devel~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-static-devel\", rpm:\"lib64ldap2.4_2-static-devel~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:16", "bulletinFamily": "scanner", "description": "Check for the Version of openldap", "modified": "2017-12-27T00:00:00", "published": "2012-08-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831717", "id": "OPENVAS:831717", "title": "Mandriva Update for openldap MDVSA-2012:130 (openldap)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openldap MDVSA-2012:130 (openldap)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found and corrected in openldap:\n\n slapd in OpenLDAP before 2.4.30 allows remote attackers to cause\n a denial of service (assertion failure and daemon exit) via an LDAP\n search query with attrsOnly set to true, which causes empty attributes\n to be returned (CVE-2012-1164).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"openldap on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:130\");\n script_id(831717);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:41:49 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-1164\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:130\");\n script_name(\"Mandriva Update for openldap MDVSA-2012:130 (openldap)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2\", rpm:\"libldap2.4_2~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-devel\", rpm:\"libldap2.4_2-devel~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-static-devel\", rpm:\"libldap2.4_2-static-devel~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-doc\", rpm:\"openldap-doc~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-testprogs\", rpm:\"openldap-testprogs~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-tests\", rpm:\"openldap-tests~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2\", rpm:\"lib64ldap2.4_2~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-devel\", rpm:\"lib64ldap2.4_2-devel~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-static-devel\", rpm:\"lib64ldap2.4_2-static-devel~2.4.25~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2\", rpm:\"libldap2.4_2~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-devel\", rpm:\"libldap2.4_2-devel~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldap2.4_2-static-devel\", rpm:\"libldap2.4_2-static-devel~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-doc\", rpm:\"openldap-doc~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-testprogs\", rpm:\"openldap-testprogs~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-tests\", rpm:\"openldap-tests~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2\", rpm:\"lib64ldap2.4_2~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-devel\", rpm:\"lib64ldap2.4_2-devel~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ldap2.4_2-static-devel\", rpm:\"lib64ldap2.4_2-static-devel~2.4.11~3.5mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:39", "bulletinFamily": "scanner", "description": "Check for the Version of openldap", "modified": "2018-04-06T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881227", "title": "CentOS Update for openldap CESA-2012:0899 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openldap CESA-2012:0899 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools.\n\n A denial of service flaw was found in the way the OpenLDAP server daemon\n (slapd) processed certain search queries requesting only attributes and no\n values. In certain configurations, a remote attacker could issue a\n specially-crafted LDAP search query that, when processed by slapd, would\n cause slapd to crash due to an assertion failure. (CVE-2012-1164)\n \n These updated openldap packages include numerous bug fixes. Space precludes\n documenting all of these changes in this advisory. Users are directed to\n the Red Hat Enterprise Linux 6.3 Technical Notes for information on the\n most significant of these changes.\n \n Users of OpenLDAP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing this\n update, the OpenLDAP daemons will be restarted automatically.\";\n\ntag_affected = \"openldap on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-July/018720.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881227\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:53:00 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1164\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0899\");\n script_name(\"CentOS Update for openldap CESA-2012:0899 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.23~26.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.23~26.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.4.23~26.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.23~26.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.4.23~26.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:16:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-06-22T00:00:00", "id": "OPENVAS:1361412562310870764", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870764", "title": "RedHat Update for openldap RHSA-2012:0899-04", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openldap RHSA-2012:0899-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-June/msg00034.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870764\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-22 10:26:04 +0530 (Fri, 22 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1164\");\n script_xref(name:\"RHSA\", value:\"2012:0899-04\");\n script_name(\"RedHat Update for openldap RHSA-2012:0899-04\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openldap'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"openldap on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools.\n\n A denial of service flaw was found in the way the OpenLDAP server daemon\n (slapd) processed certain search queries requesting only attributes and no\n values. In certain configurations, a remote attacker could issue a\n specially-crafted LDAP search query that, when processed by slapd, would\n cause slapd to crash due to an assertion failure. (CVE-2012-1164)\n\n These updated openldap packages include numerous bug fixes. Space precludes\n documenting all of these changes in this advisory. Users are directed to\n the Red Hat Enterprise Linux 6.3 Technical Notes for information on the\n most significant of these changes.\n\n Users of OpenLDAP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing this\n update, the OpenLDAP daemons will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.23~26.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.23~26.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-debuginfo\", rpm:\"openldap-debuginfo~2.4.23~26.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.4.23~26.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.23~26.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:23:53", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2012-0899", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123891", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123891", "title": "Oracle Linux Local Check: ELSA-2012-0899", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0899.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123891\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:55 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0899\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0899 - openldap security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0899\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0899.html\");\n script_cve_id(\"CVE-2012-1164\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.23~26.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.23~26.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.4.23~26.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.23~26.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.4.23~26.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:35:17", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120264", "title": "Amazon Linux Local Check: ALAS-2012-101", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2012-101.nasl 6578 2017-07-06 13:44:33Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120264\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:21:55 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2012-101\");\n script_tag(name:\"insight\", value:\"A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure. (CVE-2012-1164 )\");\n script_tag(name:\"solution\", value:\"Run yum update openldap to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-101.html\");\n script_cve_id(\"CVE-2012-1164\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.4.23~26.15.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.23~26.15.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.4.23~26.15.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openldap-debuginfo\", rpm:\"openldap-debuginfo~2.4.23~26.15.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.23~26.15.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.23~26.15.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:07:40", "bulletinFamily": "scanner", "description": "Check for the Version of openldap", "modified": "2018-01-04T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881227", "id": "OPENVAS:881227", "title": "CentOS Update for openldap CESA-2012:0899 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openldap CESA-2012:0899 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools.\n\n A denial of service flaw was found in the way the OpenLDAP server daemon\n (slapd) processed certain search queries requesting only attributes and no\n values. In certain configurations, a remote attacker could issue a\n specially-crafted LDAP search query that, when processed by slapd, would\n cause slapd to crash due to an assertion failure. (CVE-2012-1164)\n \n These updated openldap packages include numerous bug fixes. Space precludes\n documenting all of these changes in this advisory. Users are directed to\n the Red Hat Enterprise Linux 6.3 Technical Notes for information on the\n most significant of these changes.\n \n Users of OpenLDAP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing this\n update, the OpenLDAP daemons will be restarted automatically.\";\n\ntag_affected = \"openldap on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-July/018720.html\");\n script_id(881227);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:53:00 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1164\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0899\");\n script_name(\"CentOS Update for openldap CESA-2012:0899 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.23~26.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-clients\", rpm:\"openldap-clients~2.4.23~26.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-devel\", rpm:\"openldap-devel~2.4.23~26.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers\", rpm:\"openldap-servers~2.4.23~26.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openldap-servers-sql\", rpm:\"openldap-servers-sql~2.4.23~26.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:20", "bulletinFamily": "scanner", "description": "Check for the Version of openldap", "modified": "2018-01-01T00:00:00", "published": "2012-07-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864548", "id": "OPENVAS:864548", "title": "Fedora Update for openldap FEDORA-2012-10023", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openldap FEDORA-2012-10023\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openldap on Fedora 16\";\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools. LDAP is a set of\n protocols for accessing directory services (usually phone book style\n information, but other information is possible) over the Internet,\n similar to the way DNS (Domain Name System) information is propagated\n over the Internet. The openldap package contains configuration files,\n libraries, and documentation for OpenLDAP.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083907.html\");\n script_id(864548);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-19 10:27:43 +0530 (Thu, 19 Jul 2012)\");\n script_cve_id(\"CVE-2012-2668\", \"CVE-2012-1164\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-10023\");\n script_name(\"Fedora Update for openldap FEDORA-2012-10023\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.26~8.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:01:04", "bulletinFamily": "scanner", "description": "Check for the Version of openldap", "modified": "2018-04-06T00:00:00", "published": "2012-07-19T00:00:00", "id": "OPENVAS:1361412562310864548", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864548", "title": "Fedora Update for openldap FEDORA-2012-10023", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openldap FEDORA-2012-10023\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openldap on Fedora 16\";\ntag_insight = \"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\n Protocol) applications and development tools. LDAP is a set of\n protocols for accessing directory services (usually phone book style\n information, but other information is possible) over the Internet,\n similar to the way DNS (Domain Name System) information is propagated\n over the Internet. The openldap package contains configuration files,\n libraries, and documentation for OpenLDAP.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083907.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864548\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-19 10:27:43 +0530 (Thu, 19 Jul 2012)\");\n script_cve_id(\"CVE-2012-2668\", \"CVE-2012-1164\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-10023\");\n script_name(\"Fedora Update for openldap FEDORA-2012-10023\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openldap\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"openldap\", rpm:\"openldap~2.4.26~8.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:57", "bulletinFamily": "unix", "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon\n(slapd) processed certain search queries requesting only attributes and no\nvalues. In certain configurations, a remote attacker could issue a\nspecially-crafted LDAP search query that, when processed by slapd, would\ncause slapd to crash due to an assertion failure. (CVE-2012-1164)\n\nThese updated openldap packages include numerous bug fixes. Space precludes\ndocumenting all of these changes in this advisory. Users are directed to\nthe Red Hat Enterprise Linux 6.3 Technical Notes for information on the\nmost significant of these changes.\n\nUsers of OpenLDAP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the OpenLDAP daemons will be restarted automatically.\n", "modified": "2018-06-06T20:24:18", "published": "2012-06-20T04:00:00", "id": "RHSA-2012:0899", "href": "https://access.redhat.com/errata/RHSA-2012:0899", "type": "redhat", "title": "(RHSA-2012:0899) Low: openldap security and bug fix update", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:25", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA denial of service flaw was found in the way the OpenLDAP server daemon (slapd) processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure. ([CVE-2012-1164 __](<https://access.redhat.com/security/cve/CVE-2012-1164>))\n\n \n**Affected Packages:** \n\n\nopenldap\n\n \n**Issue Correction:** \nRun _yum update openldap_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openldap-servers-sql-2.4.23-26.15.amzn1.i686 \n openldap-servers-2.4.23-26.15.amzn1.i686 \n openldap-devel-2.4.23-26.15.amzn1.i686 \n openldap-debuginfo-2.4.23-26.15.amzn1.i686 \n openldap-clients-2.4.23-26.15.amzn1.i686 \n openldap-2.4.23-26.15.amzn1.i686 \n \n src: \n openldap-2.4.23-26.15.amzn1.src \n \n x86_64: \n openldap-devel-2.4.23-26.15.amzn1.x86_64 \n openldap-servers-2.4.23-26.15.amzn1.x86_64 \n openldap-2.4.23-26.15.amzn1.x86_64 \n openldap-clients-2.4.23-26.15.amzn1.x86_64 \n openldap-servers-sql-2.4.23-26.15.amzn1.x86_64 \n openldap-debuginfo-2.4.23-26.15.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T16:41:00", "published": "2014-09-14T16:41:00", "id": "ALAS-2012-101", "href": "https://alas.aws.amazon.com/ALAS-2012-101.html", "title": "Medium: openldap", "type": "amazon", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:19:56", "bulletinFamily": "scanner", "description": "A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure.\n(CVE-2012-1164)", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2012-101.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69591", "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : openldap (ALAS-2012-101)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-101.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69591);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-1164\");\n script_xref(name:\"ALAS\", value:\"2012-101\");\n script_xref(name:\"RHSA\", value:\"2012:0899\");\n\n script_name(english:\"Amazon Linux AMI : openldap (ALAS-2012-101)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the way the OpenLDAP server\ndaemon (slapd) processed certain search queries requesting only\nattributes and no values. In certain configurations, a remote attacker\ncould issue a specially crafted LDAP search query that, when processed\nby slapd, would cause slapd to crash due to an assertion failure.\n(CVE-2012-1164)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-101.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openldap' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openldap-2.4.23-26.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openldap-clients-2.4.23-26.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openldap-debuginfo-2.4.23-26.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openldap-devel-2.4.23-26.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openldap-servers-2.4.23-26.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openldap-servers-sql-2.4.23-26.15.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-debuginfo / openldap-devel / etc\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:19:37", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0899 :\n\nUpdated openldap packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon (slapd) processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure.\n(CVE-2012-1164)\n\nThese updated openldap packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.\n\nUsers of OpenLDAP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2012-0899.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68559", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : openldap (ELSA-2012-0899)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0899 and \n# Oracle Linux Security Advisory ELSA-2012-0899 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68559);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-1164\");\n script_bugtraq_id(52404);\n script_xref(name:\"RHSA\", value:\"2012:0899\");\n\n script_name(english:\"Oracle Linux 6 : openldap (ELSA-2012-0899)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0899 :\n\nUpdated openldap packages that fix one security issue and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA denial of service flaw was found in the way the OpenLDAP server\ndaemon (slapd) processed certain search queries requesting only\nattributes and no values. In certain configurations, a remote attacker\ncould issue a specially crafted LDAP search query that, when processed\nby slapd, would cause slapd to crash due to an assertion failure.\n(CVE-2012-1164)\n\nThese updated openldap packages include numerous bug fixes. Space\nprecludes documenting all of these changes in this advisory. Users are\ndirected to the Red Hat Enterprise Linux 6.3 Technical Notes for\ninformation on the most significant of these changes.\n\nUsers of OpenLDAP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, the OpenLDAP daemons will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002910.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openldap-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openldap-clients-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openldap-devel-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openldap-servers-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openldap-servers-sql-2.4.23-26.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-devel / openldap-servers / etc\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:17:33", "bulletinFamily": "scanner", "description": "A vulnerability was found and corrected in openldap :\n\nslapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned (CVE-2012-1164).\n\nThe updated packages have been patched to correct this issue.", "modified": "2019-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2012-130.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61979", "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : openldap (MDVSA-2012:130)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:130. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61979);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2012-1164\");\n script_bugtraq_id(52404);\n script_xref(name:\"MDVSA\", value:\"2012:130\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openldap (MDVSA-2012:130)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was found and corrected in openldap :\n\nslapd in OpenLDAP before 2.4.30 allows remote attackers to cause a\ndenial of service (assertion failure and daemon exit) via an LDAP\nsearch query with attrsOnly set to true, which causes empty attributes\nto be returned (CVE-2012-1164).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldap2.4_2-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldap2.4_2-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-testprogs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openldap-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-devel-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64ldap2.4_2-static-devel-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libldap2.4_2-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libldap2.4_2-devel-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libldap2.4_2-static-devel-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"openldap-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"openldap-clients-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"openldap-doc-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"openldap-servers-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"openldap-testprogs-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"openldap-tests-2.4.25-5.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:49", "bulletinFamily": "scanner", "description": "Updated openldap packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon (slapd) processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure.\n(CVE-2012-1164)\n\nThese updated openldap packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.\n\nUsers of OpenLDAP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2012-0899.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59595", "published": "2012-06-20T00:00:00", "title": "RHEL 6 : openldap (RHSA-2012:0899)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0899. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59595);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2012-1164\");\n script_bugtraq_id(52404);\n script_xref(name:\"RHSA\", value:\"2012:0899\");\n\n script_name(english:\"RHEL 6 : openldap (RHSA-2012:0899)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap packages that fix one security issue and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA denial of service flaw was found in the way the OpenLDAP server\ndaemon (slapd) processed certain search queries requesting only\nattributes and no values. In certain configurations, a remote attacker\ncould issue a specially crafted LDAP search query that, when processed\nby slapd, would cause slapd to crash due to an assertion failure.\n(CVE-2012-1164)\n\nThese updated openldap packages include numerous bug fixes. Space\nprecludes documenting all of these changes in this advisory. Users are\ndirected to the Red Hat Enterprise Linux 6.3 Technical Notes for\ninformation on the most significant of these changes.\n\nUsers of OpenLDAP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, the OpenLDAP daemons will be restarted\nautomatically.\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1164\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0899\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openldap-2.4.23-26.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openldap-clients-2.4.23-26.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openldap-clients-2.4.23-26.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openldap-clients-2.4.23-26.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openldap-debuginfo-2.4.23-26.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openldap-devel-2.4.23-26.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openldap-servers-2.4.23-26.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openldap-servers-2.4.23-26.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openldap-servers-2.4.23-26.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openldap-servers-sql-2.4.23-26.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openldap-servers-sql-2.4.23-26.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openldap-servers-sql-2.4.23-26.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap / openldap-clients / openldap-debuginfo / openldap-devel / etc\");\n }\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:56", "bulletinFamily": "scanner", "description": "Updated openldap packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon (slapd) processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure.\n(CVE-2012-1164)\n\nThese updated openldap packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.\n\nUsers of OpenLDAP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2012-0899.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59930", "published": "2012-07-11T00:00:00", "title": "CentOS 6 : openldap (CESA-2012:0899)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0899 and \n# CentOS Errata and Security Advisory 2012:0899 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59930);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2012-1164\");\n script_bugtraq_id(52404);\n script_xref(name:\"RHSA\", value:\"2012:0899\");\n\n script_name(english:\"CentOS 6 : openldap (CESA-2012:0899)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap packages that fix one security issue and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA denial of service flaw was found in the way the OpenLDAP server\ndaemon (slapd) processed certain search queries requesting only\nattributes and no values. In certain configurations, a remote attacker\ncould issue a specially crafted LDAP search query that, when processed\nby slapd, would cause slapd to crash due to an assertion failure.\n(CVE-2012-1164)\n\nThese updated openldap packages include numerous bug fixes. Space\nprecludes documenting all of these changes in this advisory. Users are\ndirected to the Red Hat Enterprise Linux 6.3 Technical Notes for\ninformation on the most significant of these changes.\n\nUsers of OpenLDAP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, the OpenLDAP daemons will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-July/018720.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1959577a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openldap-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openldap-clients-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openldap-devel-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openldap-servers-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openldap-servers-sql-2.4.23-26.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:17:23", "bulletinFamily": "scanner", "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon (slapd) processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure.\n(CVE-2012-1164)\n\nThese updated openldap packages include numerous bug fixes.\n\nUsers of OpenLDAP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.", "modified": "2018-12-31T00:00:00", "id": "SL_20120620_OPENLDAP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61344", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : openldap on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61344);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2012-1164\");\n\n script_name(english:\"Scientific Linux Security Update : openldap on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA denial of service flaw was found in the way the OpenLDAP server\ndaemon (slapd) processed certain search queries requesting only\nattributes and no values. In certain configurations, a remote attacker\ncould issue a specially crafted LDAP search query that, when processed\nby slapd, would cause slapd to crash due to an assertion failure.\n(CVE-2012-1164)\n\nThese updated openldap packages include numerous bug fixes.\n\nUsers of OpenLDAP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, the OpenLDAP daemons will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1207&L=scientific-linux-errata&T=0&P=2175\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8c98c90\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openldap-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openldap-clients-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openldap-debuginfo-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openldap-devel-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openldap-servers-2.4.23-26.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openldap-servers-sql-2.4.23-26.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:57", "bulletinFamily": "scanner", "description": "security and bug fix update\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2012-10023.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60007", "published": "2012-07-18T00:00:00", "title": "Fedora 16 : openldap-2.4.26-8.fc16 (2012-10023)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-10023.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60007);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-1164\", \"CVE-2012-2668\");\n script_bugtraq_id(52404, 53823);\n script_xref(name:\"FEDORA\", value:\"2012-10023\");\n\n script_name(english:\"Fedora 16 : openldap-2.4.26-8.fc16 (2012-10023)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"security and bug fix update\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=802514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=825875\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083907.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d52d8f7c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openldap package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"openldap-2.4.26-8.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openldap\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:24:16", "bulletinFamily": "scanner", "description": "It was discovered that OpenLDAP incorrectly handled certain search queries that returned empty attributes. A remote attacker could use this issue to cause OpenLDAP to assert, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1164)\n\nMichael Vishchers discovered that OpenLDAP improperly counted references when the rwm overlay was used. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2013-4449)\n\nIt was discovered that OpenLDAP incorrectly handled certain empty attribute lists in search requests. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service.\n(CVE-2015-1545).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2622-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83863", "published": "2015-05-27T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openldap vulnerabilities (USN-2622-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2622-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83863);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2012-1164\", \"CVE-2013-4449\", \"CVE-2015-1545\");\n script_bugtraq_id(52404, 63190, 72519);\n script_xref(name:\"USN\", value:\"2622-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openldap vulnerabilities (USN-2622-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that OpenLDAP incorrectly handled certain search\nqueries that returned empty attributes. A remote attacker could use\nthis issue to cause OpenLDAP to assert, resulting in a denial of\nservice. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1164)\n\nMichael Vishchers discovered that OpenLDAP improperly counted\nreferences when the rwm overlay was used. A remote attacker could use\nthis issue to cause OpenLDAP to crash, resulting in a denial of\nservice. (CVE-2013-4449)\n\nIt was discovered that OpenLDAP incorrectly handled certain empty\nattribute lists in search requests. A remote attacker could use this\nissue to cause OpenLDAP to crash, resulting in a denial of service.\n(CVE-2015-1545).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2622-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected slapd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:slapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"slapd\", pkgver:\"2.4.28-1.1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"slapd\", pkgver:\"2.4.31-1+nmu2ubuntu8.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"slapd\", pkgver:\"2.4.31-1+nmu2ubuntu11.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"slapd\", pkgver:\"2.4.31-1+nmu2ubuntu12.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"slapd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:00", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201406-36 (OpenLDAP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, bypass security restrictions or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-12T00:00:00", "id": "GENTOO_GLSA-201406-36.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76331", "published": "2014-07-01T00:00:00", "title": "GLSA-201406-36 : OpenLDAP: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201406-36.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76331);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2009-3767\", \"CVE-2010-0211\", \"CVE-2010-0212\", \"CVE-2011-1024\", \"CVE-2011-1025\", \"CVE-2011-1081\", \"CVE-2011-4079\", \"CVE-2012-1164\", \"CVE-2012-2668\");\n script_bugtraq_id(36844, 41770, 46363, 46831, 50384, 52404, 53823);\n script_xref(name:\"GLSA\", value:\"201406-36\");\n\n script_name(english:\"GLSA-201406-36 : OpenLDAP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-36\n(OpenLDAP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenLDAP. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker might employ a specially crafted certificate to\n conduct man-in-the-middle attacks on SSL connections made using OpenLDAP,\n bypass security restrictions or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-36\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenLDAP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-nds/openldap-2.4.35'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-nds/openldap\", unaffected:make_list(\"ge 2.4.35\"), vulnerable:make_list(\"lt 2.4.35\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenLDAP\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:25:31", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0899\n\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nA denial of service flaw was found in the way the OpenLDAP server daemon\n(slapd) processed certain search queries requesting only attributes and no\nvalues. In certain configurations, a remote attacker could issue a\nspecially-crafted LDAP search query that, when processed by slapd, would\ncause slapd to crash due to an assertion failure. (CVE-2012-1164)\n\nThese updated openldap packages include numerous bug fixes. Space precludes\ndocumenting all of these changes in this advisory. Users are directed to\nthe Red Hat Enterprise Linux 6.3 Technical Notes for information on the\nmost significant of these changes.\n\nUsers of OpenLDAP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the OpenLDAP daemons will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018720.html\n\n**Affected packages:**\nopenldap\nopenldap-clients\nopenldap-devel\nopenldap-servers\nopenldap-servers-sql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0899.html", "modified": "2012-07-10T13:25:58", "published": "2012-07-10T13:25:58", "href": "http://lists.centos.org/pipermail/centos-announce/2012-July/018720.html", "id": "CESA-2012:0899", "title": "openldap security update", "type": "centos", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T17:50:28", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 52404\r\nCVE(CAN) ID: CVE-2012-1164\r\n\r\nOpenLDAP\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\uff08LDAP\uff09\u5b9e\u73b0\u3002\r\n\r\nOpenLDAP\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4f7f\u53d7\u5f71\u54cdslapd\u670d\u52a1\u5668\u5d29\u6e83\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\n0\nOpenLDAP < 2.4.30\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOpenLDAP\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.openldap.org/software/release/changes.html", "modified": "2012-06-28T00:00:00", "published": "2012-06-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60243", "id": "SSV:60243", "type": "seebug", "title": "OpenLDAP LDAP\u641c\u7d22\u8bf7\u6c42\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:39:53", "bulletinFamily": "unix", "description": "[2.4.23-26]\n- fix: MozNSS CA cert dir does not work together with PEM CA cert file (#818844)\n- fix: memory leak: def_urlpre is not freed (#816168)\n- fix update: Default SSL certificate bundle is not found by openldap library (#742023)\n[2.4.23-25]\n- fix update: Default SSL certificate bundle is not found by openldap library (#742023)\n[2.4.23-24]\n- fix update: Default SSL certificate bundle is not found by openldap library (#742023)\n- fix: memberof overlay on the frontend database causes server segfault (#730745)\n[2.4.23-23]\n- security fix: CVE-2012-1164: assertion failure by processing search queries\n requesting only attributes for particular entry (#813162)\n[2.4.23-22]\n- fix: libraries leak memory when following referrals (#807363)\n[2.4.23-21]\n- fix: ldapsearch crashes with invalid parameters (#743781)\n- fix: replication (syncrepl) with TLS causes segfault (#783445)\n- fix: openldap server in MirrorMode sometimes fails to resync via syncrepl (#784211)\n- use portreserve to reserve LDAPS port (636/tcp+udp) (#790687)\n- fix: missing options in manual pages of client tools (#745470)\n- fix: SASL_NOCANON option missing in ldap.conf manual page (#732916)\n- fix: slapd segfaults when certificate key cannot be loaded (#796808)\n- Jan Synacek \n + fix: overlay constraint with count option work bad with modify operation (#742163)\n + fix: Default SSL certificate bundle is not found by openldap library (#742023)\n + fix: Duplicate close() calls in OpenLDAP (#784203)", "modified": "2012-06-27T00:00:00", "published": "2012-06-27T00:00:00", "id": "ELSA-2012-0899", "href": "http://linux.oracle.com/errata/ELSA-2012-0899.html", "title": "openldap security and bug fix update", "type": "oraclelinux", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:39", "bulletinFamily": "unix", "description": "It was discovered that OpenLDAP incorrectly handled certain search queries that returned empty attributes. A remote attacker could use this issue to cause OpenLDAP to assert, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1164)\n\nMichael Vishchers discovered that OpenLDAP improperly counted references when the rwm overlay was used. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2013-4449)\n\nIt was discovered that OpenLDAP incorrectly handled certain empty attribute lists in search requests. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2015-1545)", "modified": "2015-05-26T00:00:00", "published": "2015-05-26T00:00:00", "id": "USN-2622-1", "href": "https://usn.ubuntu.com/2622-1/", "title": "OpenLDAP vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:44", "bulletinFamily": "unix", "description": "Package : openldap\nVersion : 2.4.23-7.3+deb6u1\nCVE IDs : CVE-2012-1164 CVE-2013-4449 CVE-2014-9713 CVE-2015-1545\nDebian Bugs : 663644 729367 761406 776988 \n\nMultiple vulnerabilities were found in OpenLDAP, a free implementation\nof the Lightweight Directory Access Protocol.\n\nPlease carefully check whether you are affected by CVE-2014-9713: if you\nare, you will need to manually upgrade your configuration! See below for\nmore details on this. Just upgrading the packages might not be enough!\n\nCVE-2012-1164\n\n Fix a crash when doing an attrsOnly search of a database configured \n with both the rwm and translucent overlays.\n\nCVE-2013-4449\n\n Michael Vishchers from Seven Principles AG discovered a denial of\n service vulnerability in slapd, the directory server implementation.\n When the server is configured to used the RWM overlay, an attacker\n can make it crash by unbinding just after connecting, because of an\n issue with reference counting.\n\nCVE-2014-9713\n\n The default Debian configuration of the directory database allows\n every users to edit their own attributes. When LDAP directories are\n used for access control, and this is done using user attributes, an\n authenticated user can leverage this to gain access to unauthorized\n resources.\n .\n Please note this is a Debian specific vulnerability.\n .\n The new package won't use the unsafe access control rule for new\n databases, but existing configurations won't be automatically\n modified. Administrators are incited to look at the README.Debian\n file provided by the updated package if they need to fix the access\n control rule.\n\nCVE-2015-1545\n\n Ryan Tandy discovered a denial of service vulnerability in slapd.\n When using the deref overlay, providing an empty attribute list in\n a query makes the daemon crashes.\n\n\nThanks to Ryan Tandy for preparing this update.\n", "modified": "2015-04-18T15:26:48", "published": "2015-04-18T15:26:48", "id": "DEBIAN:DLA-203-1:89B5F", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00016.html", "title": "[SECURITY] [DLA 203-1] openldap security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:35", "bulletinFamily": "unix", "description": "### Background\n\nOpenLDAP is an LDAP suite of application and development tools.\n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, bypass security restrictions or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenLDAP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-nds/openldap-2.4.35\"", "modified": "2014-06-30T00:00:00", "published": "2014-06-30T00:00:00", "id": "GLSA-201406-36", "href": "https://security.gentoo.org/glsa/201406-36", "type": "gentoo", "title": "OpenLDAP: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
