Vulnerabilities > CVE-2008-0658 - Resource Management Errors vulnerability in Openldap 2.3.39
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | OpenLDAP 2.3.39 MODRDN Remote Denial of Service Vulnerability. CVE-2008-0658. Dos exploit for linux platform |
| id | EDB-ID:31190 |
| last seen | 2016-02-03 |
| modified | 2008-02-13 |
| published | 2008-02-13 |
| reporter | Ralf Haferkamp |
| source | https://www.exploit-db.com/download/31190/ |
| title | OpenLDAP 2.3.39 MODRDN Remote Denial of Service Vulnerability |
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-006.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 42433 published 2009-11-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42433 title Mac OS X Multiple Vulnerabilities (Security Update 2009-006) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(42433); script_version("1.27"); script_cve_id( "CVE-2007-5707", "CVE-2007-6698", "CVE-2008-0658", "CVE-2008-5161", "CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574", "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411", "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666", "CVE-2009-2808", "CVE-2009-2818", "CVE-2009-2819", "CVE-2009-2820", "CVE-2009-2823", "CVE-2009-2824", "CVE-2009-2825", "CVE-2009-2826", "CVE-2009-2827", "CVE-2009-2828", "CVE-2009-2829", "CVE-2009-2831", "CVE-2009-2832", "CVE-2009-2833", "CVE-2009-2834", "CVE-2009-2837", "CVE-2009-2838", "CVE-2009-2839", "CVE-2009-2840", "CVE-2009-3111", "CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3293" ); script_bugtraq_id( 26245, 27778, 34663, 35115, 35221, 35251, 35565, 35623, 35888, 35983, 36263, 36449, 36959, 36961, 36962, 36963, 36964, 36966, 36967, 36972, 36973, 36975, 36977, 36978, 36979, 36982, 36985, 36988, 36990 ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)"); script_summary(english:"Check for the presence of Security Update 2009-006"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT3937" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" ); script_set_attribute( attribute:"see_also", value:"http://www.securityfocus.com/advisories/18255" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2009-006 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09"); script_cvs_date("Date: 2018/07/16 12:48:31"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if (!uname) exit(1, "The 'Host/uname' KB item is missing."); pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$"; if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+")."); darwin = ereg_replace(pattern:pat, replace:"\1", string:uname); if (ereg(pattern:"^(9\.[0-8]\.)", string:darwin)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing."); if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages)) exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected."); else security_hole(0); } else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0110.NASL description Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 31159 published 2008-02-25 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31159 title RHEL 4 / 5 : openldap (RHSA-2008:0110) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0110. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(31159); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2007-6698", "CVE-2008-0658"); script_bugtraq_id(26245, 27778); script_xref(name:"RHSA", value:"2008:0110"); script_name(english:"RHEL 4 / 5 : openldap (RHSA-2008:0110)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6698" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0658" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0110" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-openldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap-servers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/01"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0110"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL4", reference:"openldap-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL4", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL4", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL4", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL4", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"RHEL5", reference:"compat-openldap-2.3.27_2.2.29-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", reference:"openldap-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", reference:"openldap-devel-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openldap / openldap / openldap-clients / openldap-devel / etc"); } }NASL family Scientific Linux Local Security Checks NASL id SL_20080221_OPENLDAP_ON_SL4_X.NASL description These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) last seen 2020-06-01 modified 2020-06-02 plugin id 60361 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60361 title Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60361); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:17"); script_cve_id("CVE-2007-6698", "CVE-2008-0658"); script_name(english:"Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0802&L=scientific-linux-errata&T=0&P=932 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9c0baec3" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL4", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++; if (rpm_check(release:"SL4", reference:"openldap-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"SL4", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"SL4", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"SL4", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"SL4", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"SL5", reference:"compat-openldap-2.3.27_2.2.29-8.el5_1.3")) flag++; if (rpm_check(release:"SL5", reference:"openldap-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"SL5", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"SL5", reference:"openldap-devel-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"SL5", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"SL5", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_OPENLDAP2-4989.NASL description Authenticated users could crash the LDAP server last seen 2020-06-01 modified 2020-06-02 plugin id 32078 published 2008-04-28 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/32078 title SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 4989) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(32078); script_version ("1.17"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2007-6698", "CVE-2008-0658"); script_name(english:"SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 4989)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Authenticated users could crash the LDAP server 'slapd' via the 'NOOP' command. (CVE-2007-6698 / CVE-2008-0658)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-6698.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-0658.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4989."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:1, reference:"openldap2-2.3.32-0.25.5")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"openldap2-client-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"openldap2-devel-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"openldap2-client-32bit-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"openldap2-devel-32bit-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-2.3.32-0.25.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-back-meta-2.3.32-0.25.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-back-perl-2.3.32-0.25.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-client-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-devel-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"openldap2-client-32bit-2.3.32-0.23.5")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"openldap2-devel-32bit-2.3.32-0.23.5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0110.NASL description From Red Hat Security Advisory 2008:0110 : Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67650 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67650 title Oracle Linux 4 / 5 : openldap (ELSA-2008-0110) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0110 and # Oracle Linux Security Advisory ELSA-2008-0110 respectively. # include("compat.inc"); if (description) { script_id(67650); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2007-6698", "CVE-2008-0658"); script_bugtraq_id(26245, 27778); script_xref(name:"RHSA", value:"2008:0110"); script_name(english:"Oracle Linux 4 / 5 : openldap (ELSA-2008-0110)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2008:0110 : Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000517.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000520.html" ); script_set_attribute( attribute:"solution", value:"Update the affected openldap packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:compat-openldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openldap-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openldap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openldap-servers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openldap-servers-sql"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/01"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL4", cpu:"i386", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++; if (rpm_check(release:"EL5", reference:"compat-openldap-2.3.27_2.2.29-8.el5_1.3")) flag++; if (rpm_check(release:"EL5", reference:"openldap-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"EL5", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"EL5", reference:"openldap-devel-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"EL5", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++; if (rpm_check(release:"EL5", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openldap / openldap / openldap-clients / openldap-devel / etc"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1541.NASL description Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5707 Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requests. - CVE-2007-5708 Toby Blade discovered that incorrect memory handling in slapo-pcache could lead to denial of service through crafted search requests. - CVE-2007-6698 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modify requests. - CVE-2008-0658 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modrdn requests. last seen 2020-06-01 modified 2020-06-02 plugin id 31811 published 2008-04-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31811 title Debian DSA-1541-1 : openldap2.3 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1541. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(31811); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2007-5707", "CVE-2007-5708", "CVE-2007-6698", "CVE-2008-0658"); script_xref(name:"DSA", value:"1541"); script_name(english:"Debian DSA-1541-1 : openldap2.3 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5707 Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requests. - CVE-2007-5708 Toby Blade discovered that incorrect memory handling in slapo-pcache could lead to denial of service through crafted search requests. - CVE-2007-6698 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modify requests. - CVE-2008-0658 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modrdn requests." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448644" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465875" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-5707" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-5708" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-6698" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0658" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1541" ); script_set_attribute( attribute:"solution", value: "Upgrade the openldap2.3 packages. For the stable distribution (etch), these problems have been fixed in version 2.3.30-5+etch1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openldap2.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"ldap-utils", reference:"2.3.30-5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"libldap-2.3-0", reference:"2.3.30-5+etch1")) flag++; if (deb_check(release:"4.0", prefix:"slapd", reference:"2.3.30-5+etch1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE9_12075.NASL description Authenticated users could crash the LDAP server last seen 2020-06-01 modified 2020-06-02 plugin id 41197 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41197 title SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12075) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41197); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2007-6698", "CVE-2008-0658"); script_name(english:"SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12075)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Authenticated users could crash the LDAP server 'slapd' via the 'NOOP' command. (CVE-2007-6698 / CVE-2008-0658)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-6698.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-0658.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12075."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"openldap2-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-back-ldap-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-back-meta-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-back-monitor-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-back-perl-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-client-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", reference:"openldap2-devel-2.2.24-4.25")) flag++; if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"openldap2-client-32bit-9-200802110138")) flag++; if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"openldap2-devel-32bit-9-200802110138")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0110.NASL description Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 31138 published 2008-02-25 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31138 title CentOS 4 / 5 : openldap (CESA-2008:0110) NASL family Fedora Local Security Checks NASL id FEDORA_2008-1616.NASL description - Fri Feb 8 2008 Jan Safranek <jsafranek at redhat.com> 2.3.34-7 - fix CVE-2008-0658 (#432012) - Tue Feb 5 2008 Jan Safranek <jsafranek at redhat.com> 2.3.34-6 - fix CVE-2007-6698 (#431409) - Mon Jan 14 2008 Jan Safranek <jsafranek at redhat.com> 2.3.34-5 - fix default slurpd directory to /var/lib/ldap (#424831) - Fri Nov 2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-4 - fix various security flaws (#360081) - Fri Jul 13 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-3 - Fix initscript return codes (#242667) - Provide overlays including smbk5pwd (as modules; #246036, #245896, #220895) - Add available modules to config file - do not create script in /tmp on startup (bz#188298) - add compat-slapcat to openldap-compat (bz#179378) - do not import ddp services with migrate_services.pl (bz#201183) - sort the hosts by address, preventing duplicities in migrate*nis*.pl (bz#201540) - start slupd for each replicated database (bz#210155) - add ldconfig to devel post/postun (bz#240253) - include misc.schema in default slapd.conf (bz#147805) - Mon Apr 23 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-2 - slapadd during package update is now quiet (bz#224581) - use _localstatedir instead of var/ during build (bz#220970) - bind-libbind-devel removed from BuildRequires (bz#216851) - slaptest is now quiet during service ldap start, if there is no error/warning (bz#143697) - libldap_r.so now links with pthread (bz#198226) - do not strip binaries to produce correct .debuginfo packages (bz#152516) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31076 published 2008-02-14 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31076 title Fedora 7 : openldap-2.3.34-7.fc7 (2008-1616) NASL family Fedora Local Security Checks NASL id FEDORA_2008-1568.NASL description - Fri Feb 8 2008 Jan Safranek <jsafranek at redhat.com> 2.3.39-2 - fix CVE-2008-0658 (#432013) - Mon Jan 14 2008 Jan Safranek <jsafranek at redhat.com> 2.3.39-2 - fix default slurpd directory to /var/lib/ldap (#424831) - Fri Nov 2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.39-1 - new upstream version, fixing few security flaws (#362991) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31071 published 2008-02-14 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31071 title Fedora 8 : openldap-2.3.39-3.fc8 (2008-1568) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-058.NASL description A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service (CVE-2007-5708). Two vulnerabilities were found in how slapd handled modify (prior to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658) operations could cause slapd to crash. The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37371 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37371 title Mandriva Linux Security Advisory : openldap (MDVSA-2008:058) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-584-1.NASL description Jonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and specifying the NOOP control. An authenticated user with modify permissions could send a crafted modify request and cause a denial of service via application crash. Ubuntu 7.10 is not affected by this issue. (CVE-2007-6698) Ralf Haferkamp discovered that the OpenLDAP slapd server did not properly handle modrdn requests when using the Berkeley DB backend and specifying the NOOP control. An authenticated user with modrdn permissions could send a crafted modrdn request and possibly cause a denial of service via application crash. (CVE-2007-6698). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31406 published 2008-03-07 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31406 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : openldap2.2, openldap2.3 vulnerabilities (USN-584-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200803-28.NASL description The remote host is affected by the vulnerability described in GLSA-200803-28 (OpenLDAP: Denial of Service vulnerabilities) The following errors have been discovered in OpenLDAP: Tony Blake discovered an error which exists within the normalisation of last seen 2020-06-01 modified 2020-06-02 plugin id 31634 published 2008-03-21 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31634 title GLSA-200803-28 : OpenLDAP: Denial of Service vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E5D29309E0DB11DC97B2001C2514716C.NASL description Secunia Advisory reports : A vulnerability has been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS (Denial of Service). last seen 2020-06-01 modified 2020-06-02 plugin id 31156 published 2008-02-25 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31156 title FreeBSD : openldap -- modrdn Denial of Service vulnerability (e5d29309-e0db-11dc-97b2-001c2514716c) NASL family SuSE Local Security Checks NASL id SUSE_OPENLDAP2-4999.NASL description Authenticated users could crash the LDAP server last seen 2020-06-01 modified 2020-06-02 plugin id 32079 published 2008-04-28 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/32079 title openSUSE 10 Security Update : openldap2 (openldap2-4999)
Oval
| accepted | 2013-04-29T04:19:37.578-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:9470 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
| title | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. | ||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html
- http://secunia.com/advisories/28914
- http://secunia.com/advisories/28926
- http://secunia.com/advisories/28953
- http://secunia.com/advisories/29068
- http://secunia.com/advisories/29225
- http://secunia.com/advisories/29256
- http://secunia.com/advisories/29461
- http://secunia.com/advisories/29682
- http://secunia.com/advisories/29957
- http://security.gentoo.org/glsa/glsa-200803-28.xml
- http://support.apple.com/kb/HT3937
- http://wiki.rpath.com/Advisories:rPSA-2008-0059
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059
- http://www.debian.org/security/2008/dsa-1541
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:058
- http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198&f=h
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
- http://www.redhat.com/support/errata/RHSA-2008-0110.html
- http://www.securityfocus.com/archive/1/488242/100/200/threaded
- http://www.securityfocus.com/bid/27778
- http://www.securitytracker.com/id?1019481
- http://www.ubuntu.com/usn/usn-584-1
- http://www.vupen.com/english/advisories/2008/0536/references
- http://www.vupen.com/english/advisories/2009/3184
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40479
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9470