Vulnerabilities > CVE-2002-1508 - Local Security vulnerability in Openldap 2.0

047910
CVSS 1.2 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
high complexity
openldap
nessus

Summary

slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.

Vulnerable Configurations

Part Description Count
Application
Openldap
2

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-227.NASL
    descriptionThe SuSE Security Team reviewed critical parts of openldap2, an implementation of the Lightweight Directory Access Protocol (LDAP) version 2 and 3, and found several buffer overflows and other bugs remote attackers could exploit to gain access on systems running vulnerable LDAP servers. In addition to these bugs, various local exploitable bugs within the OpenLDAP2 libraries have been fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id15064
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15064
    titleDebian DSA-227-1 : openldap2 - buffer overflows and other bugs
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-227. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15064);
      script_version("1.23");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2002-1378", "CVE-2002-1379", "CVE-2002-1508");
      script_bugtraq_id(6328, 6620);
      script_xref(name:"DSA", value:"227");
    
      script_name(english:"Debian DSA-227-1 : openldap2 - buffer overflows and other bugs");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SuSE Security Team reviewed critical parts of openldap2, an
    implementation of the Lightweight Directory Access Protocol (LDAP)
    version 2 and 3, and found several buffer overflows and other bugs
    remote attackers could exploit to gain access on systems running
    vulnerable LDAP servers. In addition to these bugs, various local
    exploitable bugs within the OpenLDAP2 libraries have been fixed."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2003/dsa-227"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the openldap2 packages.
    
    For the current stable distribution (woody) these problems have been
    fixed in version 2.0.23-6.3.
    
    The old stable distribution (potato) does not contain OpenLDAP2
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openldap2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/01/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"ldap-gateways", reference:"2.0.23-6.3")) flag++;
    if (deb_check(release:"3.0", prefix:"ldap-utils", reference:"2.0.23-6.3")) flag++;
    if (deb_check(release:"3.0", prefix:"libldap2", reference:"2.0.23-6.3")) flag++;
    if (deb_check(release:"3.0", prefix:"libldap2-dev", reference:"2.0.23-6.3")) flag++;
    if (deb_check(release:"3.0", prefix:"slapd", reference:"2.0.23-6.3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2002-312.NASL
    descriptionUpdated OpenLDAP packages are available which fix a number of local and remote buffer overflows in libldap as well as the slapd and slurpd daemons. Additionally, potential issues stemming from using user-specified LDAP configuration files have been addressed. [Updated 06 Feb 2003] Added fixed packages for Red Hat Linux Advanced Workstation 2.1 [Updated 13 Aug 2003] Added openldap12 packages for Red Hat Linux Advanced Server 2.1 and Advanced Workstation 2.1 that were originally left out of this errata. OpenLDAP is a suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services. In an audit of OpenLDAP by SuSE, a number of potential security issues were found. The following is a list of these issues : When reading configuration files, libldap reads the current user
    last seen2020-06-01
    modified2020-06-02
    plugin id12346
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12346
    titleRHEL 2.1 : openldap (RHSA-2002:312)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2002:312. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12346);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2002-1378", "CVE-2002-1379", "CVE-2002-1508");
      script_xref(name:"RHSA", value:"2002:312");
    
      script_name(english:"RHEL 2.1 : openldap (RHSA-2002:312)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated OpenLDAP packages are available which fix a number of local
    and remote buffer overflows in libldap as well as the slapd and slurpd
    daemons. Additionally, potential issues stemming from using
    user-specified LDAP configuration files have been addressed.
    
    [Updated 06 Feb 2003] Added fixed packages for Red Hat Linux Advanced
    Workstation 2.1
    
    [Updated 13 Aug 2003] Added openldap12 packages for Red Hat Linux
    Advanced Server 2.1 and Advanced Workstation 2.1 that were originally
    left out of this errata.
    
    OpenLDAP is a suite of LDAP (Lightweight Directory Access Protocol)
    applications and development tools. LDAP is a set of protocols for
    accessing directory services. In an audit of OpenLDAP by SuSE, a
    number of potential security issues were found.
    
    The following is a list of these issues :
    
    When reading configuration files, libldap reads the current user's
    .ldaprc file even in applications being run with elevated privileges.
    
    Slurpd would overflow an internal buffer if the command-line argument
    used with the -t or -r flags is too long, or if the name of a file for
    which it attempted to create an advisory lock is too long.
    
    When parsing filters, the getfilter family of functions from libldap
    can overflow an internal buffer by supplying a carefully crafted
    ldapfilter.conf file.
    
    When processing LDAP entry display templates, libldap can overflow an
    internal buffer by supplying a carefully crafted ldaptemplates.conf
    file.
    
    When parsing an access control list, slapd can overflow an internal
    buffer.
    
    When constructing the name of the file used for logging rejected
    replication requests, slapd overflows an internal buffer if the size
    of the generated name is too large. It can also destroy the contents
    of any file owned by the user 'ldap' due to a race condition in the
    subsequent creation of the log file.
    
    All of these potential security issues are corrected by the packages
    contained within this erratum.
    
    Red Hat Linux Advanced Server users who use LDAP are advised to
    install the updated OpenLDAP packages contained within this erratum."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2002-1378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2002-1379"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2002-1508"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2002:312"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap-servers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap12");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/01/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/08/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2002:312";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openldap-2.0.27-2.7.3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openldap-clients-2.0.27-2.7.3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openldap-devel-2.0.27-2.7.3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openldap-servers-2.0.27-2.7.3")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openldap12-1.2.13-8")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openldap / openldap-clients / openldap-devel / openldap-servers / etc");
      }
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2003-006.NASL
    descriptionA review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id13991
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13991
    titleMandrake Linux Security Advisory : openldap (MDKSA-2003:006)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:006. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(13991);
      script_version ("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      script_cve_id("CVE-2002-1378", "CVE-2002-1379", "CVE-2002-1508");
      script_xref(name:"MDKSA", value:"2003:006");
    
      script_name(english:"Mandrake Linux Security Advisory : openldap (MDKSA-2003:006)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A review was completed by the SuSE Security Team on the OpenLDAP
    server software, and this audit revealed several buffer overflows and
    other bugs that remote attackers could exploit to gain unauthorized
    access to the system running the vulnerable OpenLDAP servers.
    Additionally, various locally exploitable bugs in the OpenLDAP v2
    libraries have been fixed as well."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.suse.de/security/2002_047_openldap2.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2-devel-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_dnssrv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_passwd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-back_sql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-guide");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-migration");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-servers");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/01/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libldap2-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libldap2-devel-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libldap2-devel-static-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_dnssrv-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_ldap-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_passwd-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-back_sql-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-clients-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-guide-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-migration-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openldap-servers-2.0.21-2.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libldap2-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libldap2-devel-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libldap2-devel-static-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-back_dnssrv-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-back_ldap-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-back_passwd-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-back_sql-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-clients-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-guide-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-migration-2.0.21-2.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openldap-servers-2.0.21-2.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libldap2-2.0.21-4.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libldap2-devel-2.0.21-4.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libldap2-devel-static-2.0.21-4.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-2.0.21-4.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-back_dnssrv-2.0.21-4.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-back_ldap-2.0.21-4.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-back_passwd-2.0.21-4.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-back_sql-2.0.21-4.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-clients-2.0.21-4.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-guide-2.0.21-4.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-migration-2.0.21-4.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openldap-servers-2.0.21-4.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libldap2-2.0.25-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libldap2-devel-2.0.25-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libldap2-devel-static-2.0.25-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-2.0.25-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-back_dnssrv-2.0.25-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-back_ldap-2.0.25-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-back_passwd-2.0.25-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-back_sql-2.0.25-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-clients-2.0.25-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-guide-2.0.25-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-migration-2.0.25-7.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openldap-servers-2.0.25-7.1mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Redhat

advisories
rhsa
idRHSA-2003:040