The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-006.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products :

- AFP Client
- Adaptive Firewall
- Apache
- Apache Portable Runtime
- ATS
- Certificate Assistant
- CoreGraphics
- CUPS
- Dictionary
- DirectoryService
- Disk Images
- Event Monitor
- fetchmail
- FTP Server
- Help Viewer
- International Components for Unicode
- IOKit
- IPSec
- libsecurity
- libxml
- OpenLDAP
- OpenSSH
- PHP
- QuickDraw Manager
- QuickLook
- FreeRADIUS
- Screen Sharing
- Spotlight
- Subversion - AFP Client
- Adaptive Firewall
- Apache
- Apache Portable Runtime
- ATS
- Certificate Assistant
- CoreGraphics
- CUPS
- Dictionary
- DirectoryService
- Disk Images
- Event Monitor
- fetchmail
- FTP Server
- Help Viewer
- International Components for Unicode
- IOKit
- IPSec
- libsecurity
- libxml
- OpenLDAP
- OpenSSH
- PHP
- QuickDraw Manager
- QuickLook
- FreeRADIUS
- Screen Sharing
- Spotlight
- Subversion
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0110.NASL description Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)

Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue. The text # itself is copyright (C) Red Hat, Inc. # include(""); if (description) { script_id(31159); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2007-6698", "CVE-2008-0658"); script_bugtraq_id(26245, 27778); script_xref(name:"RHSA", value:"2008:0110"); script_name(english:"RHEL 4 / 5 : openldap (RHSA-2008:0110)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. An authenticated user with permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658) operations could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)

Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue. preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0110"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL4", reference:"openldap-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL4", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL4", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL4", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL4", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL5", reference:"compat-openldap-2.3.27_2.2.29-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", reference:"openldap-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", reference:"openldap-devel-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openldap / openldap / openldap-clients / openldap-devel / etc"); } }
NASL family Scientific Linux Local Security Checks NASL id SL_20080221_OPENLDAP_ON_SL4_X.NASL description These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) last seen 2020-06-01 modified 2020-06-02 plugin id 60361 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source title Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include(""); if (description) { script_id(60361); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:17"); script_cve_id("CVE-2007-6698", "CVE-2008-0658"); script_name(english:"Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)" ); # script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include(""); include(""); include(""); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL4", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++; if (rpm_check(release:"SL4", reference:"openldap-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"SL4", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"SL4", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"SL4", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"SL4", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"SL5", reference:"compat-openldap-2.3.27_2.2.29-8.el5_1.3")) flag++; if (rpm_check(release:"SL5", reference:"openldap-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"SL5", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"SL5", reference:"openldap-devel-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"SL5", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"SL5", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_OPENLDAP2-4989.NASL description Authenticated users could crash the LDAP server last seen 2020-06-01 modified 2020-06-02 plugin id 32078 published 2008-04-28 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source title SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 4989) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include(""); if (description) { script_id(32078); script_version ("1.17"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2007-6698", "CVE-2008-0658"); script_name(english:"SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 4989)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Authenticated users could crash the LDAP server 'slapd' via the 'NOOP' command. (CVE-2007-6698 / CVE-2008-0658)" ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4989."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include(""); include(""); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:1, reference:"openldap2-2.3.32-0.25.5")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"openldap2-client-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"openldap2-devel-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"openldap2-client-32bit-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"openldap2-devel-32bit-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-2.3.32-0.25.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-back-meta-2.3.32-0.25.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-back-perl-2.3.32-0.25.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-client-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-devel-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"openldap2-client-32bit-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"openldap2-devel-32bit-2.3.32-0.23.5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0110.NASL description From Red Hat Security Advisory 2008:0110 : Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)

Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. (CVE-2007-6698, CVE-2008-0658)

Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue. preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL4", cpu:"i386", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL5", reference:"compat-openldap-2.3.27_2.2.29-8.el5_1.3")) flag++; if (rpm_check(release:"EL5", reference:"openldap-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"EL5", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"EL5", reference:"openldap-devel-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"EL5", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"EL5", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openldap / openldap / openldap-clients / openldap-devel / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1541.NASL description Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5707 Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requests. - CVE-2007-5708 Toby Blade discovered that incorrect memory handling in slapo-pcache could lead to denial of service through crafted search requests. - CVE-2007-6698 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modify requests. - CVE-2008-0658 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modrdn requests. last seen 2020-06-01 modified 2020-06-02 plugin id 31811 published 2008-04-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source title Debian DSA-1541-1 : openldap2.3 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1541. The text # itself is copyright (C) Software in the Public Interest, Inc. # include(""); if (description) { script_id(31811); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2007-5707", "CVE-2007-5708", "CVE-2007-6698", "CVE-2008-0658"); script_xref(name:"DSA", value:"1541"); script_name(english:"Debian DSA-1541-1 : openldap2.3 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5707 Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requests. - CVE-2007-5708 Toby Blade discovered that incorrect memory handling in slapo-pcache could lead to denial of service through crafted search requests. - CVE-2007-6698 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modify requests. - CVE-2008-0658 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modrdn requests." ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute( attribute:"solution", value: "Upgrade the openldap2.3 packages. For the stable distribution (etch), these problems have been fixed in version 2.3.30-5+etch1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openldap2.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include(""); include(""); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"ldap-utils", reference:"2.3.30-5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libldap-2.3-0", reference:"2.3.30-5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"slapd", reference:"2.3.30-5+etch1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE9_12075.NASL description Authenticated users could crash the LDAP server last seen 2020-06-01 modified 2020-06-02 plugin id 41197 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source title SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12075) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include(""); if (description) { script_id(41197); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2007-6698", "CVE-2008-0658"); script_name(english:"SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12075)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Authenticated users could crash the LDAP server 'slapd' via the 'NOOP' command. (CVE-2007-6698 / CVE-2008-0658)" ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute( attribute:"see_also", value:"" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12075."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include(""); include(""); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"openldap2-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-back-ldap-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-back-meta-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-back-monitor-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-back-perl-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-client-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-devel-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"openldap2-client-32bit-9-200802110138")) flag++; if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"openldap2-devel-32bit-9-200802110138")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
- Tue Feb 5 2008 Jan Safranek <jsafranek at> 2.3.34-6
  - fix CVE-2007-6698 (#431409)

- Mon Jan 14 2008 Jan Safranek <jsafranek at> 2.3.34-5
  - fix default slurpd directory to /var/lib/ldap (#424831)

- Fri Nov 2 2007 Jan Safranek <jsafranek at> 2.3.34-4
  - fix various security flaws (#360081)

- Fri Jul 13 2007 Jan Safranek <jsafranek at> 2.3.34-3
  - Fix initscript return codes (#242667)
  - Provide overlays including smbk5pwd (as modules; #246036, #245896, #220895)
  - Add available modules to config file
  - do not create script in /tmp on startup (bz#188298)
  - add compat-slapcat to openldap-compat (bz#179378)
  - do not import ddp services with (bz#201183)
  - sort the hosts by address, preventing duplicities in migrate*nis*.pl (bz#201540)
  - start slupd for each replicated database (bz#210155)
  - add ldconfig to devel post/postun (bz#240253)
  - include misc.schema in default slapd.conf (bz#147805)

- Mon Apr 23 2007 Jan Safranek <jsafranek at> 2.3.34-2
  - slapadd during package update is now quiet (bz#224581)
  - use _localstatedir instead of var/ during build (bz#220970)
  - bind-libbind-devel removed from BuildRequires (bz#216851)
  - slaptest is now quiet during service ldap start, if there is no error/warning (bz#143697)
  - now links with pthread (bz#198226)
  - do not strip binaries to produce correct .debuginfo packages (bz#152516) Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 30236 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source title Fedora 7 : openldap-2.3.34-6.fc7 (2008-1307) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0110.NASL description Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)

Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31076 published 2008-02-14 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source title Fedora 7 : openldap-2.3.34-7.fc7 (2008-1616) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-058.NASL description A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service (CVE-2007-5708). Two vulnerabilities were found in how slapd handled modify (prior to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658) operations could cause slapd to crash.

The updated packages have been patched to correct these issues. (CVE-2007-6698)

Ralf Haferkamp discovered that the OpenLDAP slapd server did not properly handle modrdn requests when using the Berkeley DB backend and specifying the NOOP control. An authenticated user with modrdn permissions could send a crafted modrdn request and possibly cause a denial of service via application crash. (CVE-2007-6698). Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31406 published 2008-03-07 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : openldap2.2, openldap2.3 vulnerabilities (USN-584-1) NASL family SuSE Local Security Checks NASL id SUSE_OPENLDAP2-4999.NASL description Authenticated users could crash the LDAP server last seen 2020-06-01 modified 2020-06-02 plugin id 32079 published 2008-04-28 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source title openSUSE 10 Security Update : openldap2 (openldap2-4999)
accepted | 2013-04-29T04:08:20.485-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability. | ||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:10748 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
title | The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability. | ||||||||||||||||||||||||
version | 27 |
advisories |
| ||||
rpms |