Vulnerabilities > CVE-2008-0658 - Resource Management Errors vulnerability in Openldap 2.3.39

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
openldap
CWE-399
nessus
exploit available

Summary

slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.

Vulnerable Configurations

Part Description Count
Application
Openldap
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionOpenLDAP 2.3.39 MODRDN Remote Denial of Service Vulnerability. CVE-2008-0658. Dos exploit for linux platform
idEDB-ID:31190
last seen2016-02-03
modified2008-02-13
published2008-02-13
reporterRalf Haferkamp
sourcehttps://www.exploit-db.com/download/31190/
titleOpenLDAP 2.3.39 MODRDN Remote Denial of Service Vulnerability

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen2020-06-01
    modified2020-06-02
    plugin id42433
    published2009-11-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42433
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-006)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(42433);
      script_version("1.27");
    
      script_cve_id(
        "CVE-2007-5707",
        "CVE-2007-6698",
        "CVE-2008-0658",
        "CVE-2008-5161",
        "CVE-2009-0023",
        "CVE-2009-1191",
        "CVE-2009-1195",
        "CVE-2009-1574",
        "CVE-2009-1632",
        "CVE-2009-1890",
        "CVE-2009-1891",
        "CVE-2009-1955",
        "CVE-2009-1956",
        "CVE-2009-2408",
        "CVE-2009-2409",
        "CVE-2009-2411",
        "CVE-2009-2412",
        "CVE-2009-2414",
        "CVE-2009-2416",
        "CVE-2009-2666",
        "CVE-2009-2808",
        "CVE-2009-2818",
        "CVE-2009-2819",
        "CVE-2009-2820",
        "CVE-2009-2823",
        "CVE-2009-2824",
        "CVE-2009-2825",
        "CVE-2009-2826",
        "CVE-2009-2827",
        "CVE-2009-2828",
        "CVE-2009-2829",
        "CVE-2009-2831",
        "CVE-2009-2832",
        "CVE-2009-2833",
        "CVE-2009-2834",
        "CVE-2009-2837",
        "CVE-2009-2838",
        "CVE-2009-2839",
        "CVE-2009-2840",
        "CVE-2009-3111",
        "CVE-2009-3291",
        "CVE-2009-3292",
        "CVE-2009-3293"
      );
      script_bugtraq_id(
        26245,
        27778,
        34663,
        35115,
        35221,
        35251,
        35565,
        35623,
        35888,
        35983,
        36263,
        36449,
        36959,
        36961,
        36962,
        36963,
        36964,
        36966,
        36967,
        36972,
        36973,
        36975,
        36977,
        36978,
        36979,
        36982,
        36985,
        36988,
        36990
      );
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)");
      script_summary(english:"Check for the presence of Security Update 2009-006");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.5 that does not
    have Security Update 2009-006 applied.
    
    This security update contains fixes for the following products :
    
      - AFP Client
      - Adaptive Firewall
      - Apache
      - Apache Portable Runtime
      - ATS
      - Certificate Assistant
      - CoreGraphics
      - CUPS
      - Dictionary
      - DirectoryService
      - Disk Images
      - Event Monitor
      - fetchmail
      - FTP Server
      - Help Viewer
      - International Components for Unicode
      - IOKit
      - IPSec
      - libsecurity
      - libxml
      - OpenLDAP
      - OpenSSH
      - PHP
      - QuickDraw Manager
      - QuickLook
      - FreeRADIUS
      - Screen Sharing
      - Spotlight
      - Subversion"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT3937"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.securityfocus.com/advisories/18255"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install Security Update 2009-006 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399);
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09");
      script_cvs_date("Date: 2018/07/16 12:48:31");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
    
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
    
    pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
    if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");
    
    darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
    if (ereg(pattern:"^(9\.[0-8]\.)", string:darwin))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
    
      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
        exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0110.NASL
    descriptionUpdated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id31159
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31159
    titleRHEL 4 / 5 : openldap (RHSA-2008:0110)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0110. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31159);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-6698", "CVE-2008-0658");
      script_bugtraq_id(26245, 27778);
      script_xref(name:"RHSA", value:"2008:0110");
    
      script_name(english:"RHEL 4 / 5 : openldap (RHSA-2008:0110)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated openldap packages that fix security issues are now available
    for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    OpenLDAP is an open source suite of Lightweight Directory Access
    Protocol (LDAP) applications and development tools. LDAP is a set of
    protocols for accessing directory services.
    
    These updated openldap packages fix a flaw in the way the OpenLDAP
    slapd daemon handled modify and modrdn requests with NOOP control on
    objects stored in a Berkeley DB (BDB) storage backend. An
    authenticated attacker with permission to perform modify or modrdn
    operations on such LDAP objects could cause slapd to crash.
    (CVE-2007-6698, CVE-2008-0658)
    
    Users of openldap should upgrade to these updated packages, which
    contain a backported patch to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0110"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-openldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap-servers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0110";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"openldap-2.2.13-8.el4_6.4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", reference:"compat-openldap-2.3.27_2.2.29-8.el5_1.3")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"openldap-2.3.27-8.el5_1.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"openldap-devel-2.3.27-8.el5_1.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openldap / openldap / openldap-clients / openldap-devel / etc");
      }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080221_OPENLDAP_ON_SL4_X.NASL
    descriptionThese updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)
    last seen2020-06-01
    modified2020-06-02
    plugin id60361
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60361
    titleScientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60361);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2007-6698", "CVE-2008-0658");
    
      script_name(english:"Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "These updated openldap packages fix a flaw in the way the OpenLDAP
    slapd daemon handled modify and modrdn requests with NOOP control on
    objects stored in a Berkeley DB (BDB) storage backend. An
    authenticated attacker with permission to perform modify or modrdn
    operations on such LDAP objects could cause slapd to crash.
    (CVE-2007-6698, CVE-2008-0658)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0802&L=scientific-linux-errata&T=0&P=932
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9c0baec3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++;
    if (rpm_check(release:"SL4", reference:"openldap-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"SL4", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"SL4", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"SL4", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"SL4", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++;
    
    if (rpm_check(release:"SL5", reference:"compat-openldap-2.3.27_2.2.29-8.el5_1.3")) flag++;
    if (rpm_check(release:"SL5", reference:"openldap-2.3.27-8.el5_1.3")) flag++;
    if (rpm_check(release:"SL5", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++;
    if (rpm_check(release:"SL5", reference:"openldap-devel-2.3.27-8.el5_1.3")) flag++;
    if (rpm_check(release:"SL5", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++;
    if (rpm_check(release:"SL5", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_OPENLDAP2-4989.NASL
    descriptionAuthenticated users could crash the LDAP server
    last seen2020-06-01
    modified2020-06-02
    plugin id32078
    published2008-04-28
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32078
    titleSuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 4989)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32078);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:32");
    
      script_cve_id("CVE-2007-6698", "CVE-2008-0658");
    
      script_name(english:"SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 4989)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Authenticated users could crash the LDAP server 'slapd' via the 'NOOP'
    command. (CVE-2007-6698 / CVE-2008-0658)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-6698.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-0658.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4989.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:1, reference:"openldap2-2.3.32-0.25.5")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"openldap2-client-2.3.32-0.23.5")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"openldap2-devel-2.3.32-0.23.5")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"openldap2-client-32bit-2.3.32-0.23.5")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"openldap2-devel-32bit-2.3.32-0.23.5")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-2.3.32-0.25.5")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-back-meta-2.3.32-0.25.5")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-back-perl-2.3.32-0.25.5")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-client-2.3.32-0.23.5")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"openldap2-devel-2.3.32-0.23.5")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"openldap2-client-32bit-2.3.32-0.23.5")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"openldap2-devel-32bit-2.3.32-0.23.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0110.NASL
    descriptionFrom Red Hat Security Advisory 2008:0110 : Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67650
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67650
    titleOracle Linux 4 / 5 : openldap (ELSA-2008-0110)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0110 and 
    # Oracle Linux Security Advisory ELSA-2008-0110 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67650);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2007-6698", "CVE-2008-0658");
      script_bugtraq_id(26245, 27778);
      script_xref(name:"RHSA", value:"2008:0110");
    
      script_name(english:"Oracle Linux 4 / 5 : openldap (ELSA-2008-0110)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2008:0110 :
    
    Updated openldap packages that fix security issues are now available
    for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    OpenLDAP is an open source suite of Lightweight Directory Access
    Protocol (LDAP) applications and development tools. LDAP is a set of
    protocols for accessing directory services.
    
    These updated openldap packages fix a flaw in the way the OpenLDAP
    slapd daemon handled modify and modrdn requests with NOOP control on
    objects stored in a Berkeley DB (BDB) storage backend. An
    authenticated attacker with permission to perform modify or modrdn
    operations on such LDAP objects could cause slapd to crash.
    (CVE-2007-6698, CVE-2008-0658)
    
    Users of openldap should upgrade to these updated packages, which
    contain a backported patch to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000517.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000520.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openldap packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:compat-openldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openldap-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openldap-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openldap-servers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openldap-servers-sql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"compat-openldap-2.1.30-8.el4_6.4")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-clients-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-devel-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-servers-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openldap-servers-sql-2.2.13-8.el4_6.4")) flag++;
    
    if (rpm_check(release:"EL5", reference:"compat-openldap-2.3.27_2.2.29-8.el5_1.3")) flag++;
    if (rpm_check(release:"EL5", reference:"openldap-2.3.27-8.el5_1.3")) flag++;
    if (rpm_check(release:"EL5", reference:"openldap-clients-2.3.27-8.el5_1.3")) flag++;
    if (rpm_check(release:"EL5", reference:"openldap-devel-2.3.27-8.el5_1.3")) flag++;
    if (rpm_check(release:"EL5", reference:"openldap-servers-2.3.27-8.el5_1.3")) flag++;
    if (rpm_check(release:"EL5", reference:"openldap-servers-sql-2.3.27-8.el5_1.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openldap / openldap / openldap-clients / openldap-devel / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1541.NASL
    descriptionSeveral remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5707 Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requests. - CVE-2007-5708 Toby Blade discovered that incorrect memory handling in slapo-pcache could lead to denial of service through crafted search requests. - CVE-2007-6698 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modify requests. - CVE-2008-0658 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modrdn requests.
    last seen2020-06-01
    modified2020-06-02
    plugin id31811
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31811
    titleDebian DSA-1541-1 : openldap2.3 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1541. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31811);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2007-5707", "CVE-2007-5708", "CVE-2007-6698", "CVE-2008-0658");
      script_xref(name:"DSA", value:"1541");
    
      script_name(english:"Debian DSA-1541-1 : openldap2.3 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several remote vulnerabilities have been discovered in OpenLDAP, a
    free implementation of the Lightweight Directory Access Protocol. The
    Common Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CVE-2007-5707
        Thomas Sesselmann discovered that slapd could be crashed
        by a malformed modify requests.
    
      - CVE-2007-5708
        Toby Blade discovered that incorrect memory handling in
        slapo-pcache could lead to denial of service through
        crafted search requests.
    
      - CVE-2007-6698
        It was discovered that a programming error in the
        interface to the BDB storage backend could lead to
        denial of service through crafted modify requests.
    
      - CVE-2008-0658
        It was discovered that a programming error in the
        interface to the BDB storage backend could lead to
        denial of service through crafted modrdn requests."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-5707"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-5708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-6698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-0658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1541"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the openldap2.3 packages.
    
    For the stable distribution (etch), these problems have been fixed in
    version 2.3.30-5+etch1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openldap2.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"ldap-utils", reference:"2.3.30-5+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libldap-2.3-0", reference:"2.3.30-5+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"slapd", reference:"2.3.30-5+etch1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12075.NASL
    descriptionAuthenticated users could crash the LDAP server
    last seen2020-06-01
    modified2020-06-02
    plugin id41197
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41197
    titleSuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12075)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41197);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2007-6698", "CVE-2008-0658");
    
      script_name(english:"SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12075)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Authenticated users could crash the LDAP server 'slapd' via the 'NOOP'
    command. (CVE-2007-6698 / CVE-2008-0658)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-6698.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-0658.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12075.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"openldap2-2.2.24-4.25")) flag++;
    if (rpm_check(release:"SUSE9", reference:"openldap2-back-ldap-2.2.24-4.25")) flag++;
    if (rpm_check(release:"SUSE9", reference:"openldap2-back-meta-2.2.24-4.25")) flag++;
    if (rpm_check(release:"SUSE9", reference:"openldap2-back-monitor-2.2.24-4.25")) flag++;
    if (rpm_check(release:"SUSE9", reference:"openldap2-back-perl-2.2.24-4.25")) flag++;
    if (rpm_check(release:"SUSE9", reference:"openldap2-client-2.2.24-4.25")) flag++;
    if (rpm_check(release:"SUSE9", reference:"openldap2-devel-2.2.24-4.25")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"openldap2-client-32bit-9-200802110138")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"openldap2-devel-32bit-9-200802110138")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0110.NASL
    descriptionUpdated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id31138
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31138
    titleCentOS 4 / 5 : openldap (CESA-2008:0110)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1616.NASL
    description - Fri Feb 8 2008 Jan Safranek <jsafranek at redhat.com> 2.3.34-7 - fix CVE-2008-0658 (#432012) - Tue Feb 5 2008 Jan Safranek <jsafranek at redhat.com> 2.3.34-6 - fix CVE-2007-6698 (#431409) - Mon Jan 14 2008 Jan Safranek <jsafranek at redhat.com> 2.3.34-5 - fix default slurpd directory to /var/lib/ldap (#424831) - Fri Nov 2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-4 - fix various security flaws (#360081) - Fri Jul 13 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-3 - Fix initscript return codes (#242667) - Provide overlays including smbk5pwd (as modules; #246036, #245896, #220895) - Add available modules to config file - do not create script in /tmp on startup (bz#188298) - add compat-slapcat to openldap-compat (bz#179378) - do not import ddp services with migrate_services.pl (bz#201183) - sort the hosts by address, preventing duplicities in migrate*nis*.pl (bz#201540) - start slupd for each replicated database (bz#210155) - add ldconfig to devel post/postun (bz#240253) - include misc.schema in default slapd.conf (bz#147805) - Mon Apr 23 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-2 - slapadd during package update is now quiet (bz#224581) - use _localstatedir instead of var/ during build (bz#220970) - bind-libbind-devel removed from BuildRequires (bz#216851) - slaptest is now quiet during service ldap start, if there is no error/warning (bz#143697) - libldap_r.so now links with pthread (bz#198226) - do not strip binaries to produce correct .debuginfo packages (bz#152516) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31076
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31076
    titleFedora 7 : openldap-2.3.34-7.fc7 (2008-1616)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1568.NASL
    description - Fri Feb 8 2008 Jan Safranek <jsafranek at redhat.com> 2.3.39-2 - fix CVE-2008-0658 (#432013) - Mon Jan 14 2008 Jan Safranek <jsafranek at redhat.com> 2.3.39-2 - fix default slurpd directory to /var/lib/ldap (#424831) - Fri Nov 2 2007 Jan Safranek <jsafranek at redhat.com> 2.3.39-1 - new upstream version, fixing few security flaws (#362991) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31071
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31071
    titleFedora 8 : openldap-2.3.39-3.fc8 (2008-1568)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-058.NASL
    descriptionA vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service (CVE-2007-5708). Two vulnerabilities were found in how slapd handled modify (prior to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658) operations could cause slapd to crash. The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37371
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37371
    titleMandriva Linux Security Advisory : openldap (MDVSA-2008:058)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-584-1.NASL
    descriptionJonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and specifying the NOOP control. An authenticated user with modify permissions could send a crafted modify request and cause a denial of service via application crash. Ubuntu 7.10 is not affected by this issue. (CVE-2007-6698) Ralf Haferkamp discovered that the OpenLDAP slapd server did not properly handle modrdn requests when using the Berkeley DB backend and specifying the NOOP control. An authenticated user with modrdn permissions could send a crafted modrdn request and possibly cause a denial of service via application crash. (CVE-2007-6698). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31406
    published2008-03-07
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31406
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : openldap2.2, openldap2.3 vulnerabilities (USN-584-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200803-28.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200803-28 (OpenLDAP: Denial of Service vulnerabilities) The following errors have been discovered in OpenLDAP: Tony Blake discovered an error which exists within the normalisation of
    last seen2020-06-01
    modified2020-06-02
    plugin id31634
    published2008-03-21
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31634
    titleGLSA-200803-28 : OpenLDAP: Denial of Service vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E5D29309E0DB11DC97B2001C2514716C.NASL
    descriptionSecunia Advisory reports : A vulnerability has been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS (Denial of Service).
    last seen2020-06-01
    modified2020-06-02
    plugin id31156
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31156
    titleFreeBSD : openldap -- modrdn Denial of Service vulnerability (e5d29309-e0db-11dc-97b2-001c2514716c)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_OPENLDAP2-4999.NASL
    descriptionAuthenticated users could crash the LDAP server
    last seen2020-06-01
    modified2020-06-02
    plugin id32079
    published2008-04-28
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32079
    titleopenSUSE 10 Security Update : openldap2 (openldap2-4999)

Oval

accepted2013-04-29T04:19:37.578-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionslapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
familyunix
idoval:org.mitre.oval:def:9470
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleslapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
version27

Redhat

advisories
bugzilla
id432008
titleCVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentcompat-openldap is earlier than 0:2.1.30-8.el4_6.4
          ovaloval:com.redhat.rhsa:tst:20080110001
        • commentcompat-openldap is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070310008
      • AND
        • commentopenldap-devel is earlier than 0:2.2.13-8.el4_6.4
          ovaloval:com.redhat.rhsa:tst:20080110003
        • commentopenldap-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070310006
      • AND
        • commentopenldap is earlier than 0:2.2.13-8.el4_6.4
          ovaloval:com.redhat.rhsa:tst:20080110005
        • commentopenldap is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070310002
      • AND
        • commentopenldap-servers is earlier than 0:2.2.13-8.el4_6.4
          ovaloval:com.redhat.rhsa:tst:20080110007
        • commentopenldap-servers is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070310012
      • AND
        • commentopenldap-servers-sql is earlier than 0:2.2.13-8.el4_6.4
          ovaloval:com.redhat.rhsa:tst:20080110009
        • commentopenldap-servers-sql is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070310010
      • AND
        • commentopenldap-clients is earlier than 0:2.2.13-8.el4_6.4
          ovaloval:com.redhat.rhsa:tst:20080110011
        • commentopenldap-clients is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070310004
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentcompat-openldap is earlier than 0:2.3.27_2.2.29-8.el5_1.3
          ovaloval:com.redhat.rhsa:tst:20080110014
        • commentcompat-openldap is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20071037004
      • AND
        • commentopenldap is earlier than 0:2.3.27-8.el5_1.3
          ovaloval:com.redhat.rhsa:tst:20080110016
        • commentopenldap is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20071037006
      • AND
        • commentopenldap-servers is earlier than 0:2.3.27-8.el5_1.3
          ovaloval:com.redhat.rhsa:tst:20080110018
        • commentopenldap-servers is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20071037008
      • AND
        • commentopenldap-servers-sql is earlier than 0:2.3.27-8.el5_1.3
          ovaloval:com.redhat.rhsa:tst:20080110020
        • commentopenldap-servers-sql is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20071037010
      • AND
        • commentopenldap-clients is earlier than 0:2.3.27-8.el5_1.3
          ovaloval:com.redhat.rhsa:tst:20080110022
        • commentopenldap-clients is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20071037012
      • AND
        • commentopenldap-devel is earlier than 0:2.3.27-8.el5_1.3
          ovaloval:com.redhat.rhsa:tst:20080110024
        • commentopenldap-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20071037002
rhsa
idRHSA-2008:0110
released2008-02-21
severityModerate
titleRHSA-2008:0110: openldap security update (Moderate)
rpms
  • compat-openldap-0:2.1.30-8.el4_6.4
  • compat-openldap-0:2.3.27_2.2.29-8.el5_1.3
  • openldap-0:2.2.13-8.el4_6.4
  • openldap-0:2.3.27-8.el5_1.3
  • openldap-clients-0:2.2.13-8.el4_6.4
  • openldap-clients-0:2.3.27-8.el5_1.3
  • openldap-debuginfo-0:2.2.13-8.el4_6.4
  • openldap-debuginfo-0:2.3.27-8.el5_1.3
  • openldap-devel-0:2.2.13-8.el4_6.4
  • openldap-devel-0:2.3.27-8.el5_1.3
  • openldap-servers-0:2.2.13-8.el4_6.4
  • openldap-servers-0:2.3.27-8.el5_1.3
  • openldap-servers-sql-0:2.2.13-8.el4_6.4
  • openldap-servers-sql-0:2.3.27-8.el5_1.3

References