Vulnerabilities > CVE-2015-6908 - Improper Input Validation vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Exploit-Db
description | OpenLDAP 2.4.42 - ber_get_next Denial of Service. CVE-2015-6908. Dos exploit for linux platform |
id | EDB-ID:38145 |
last seen | 2016-02-04 |
modified | 2015-09-11 |
published | 2015-09-11 |
reporter | Denis Andzakovic |
source | https://www.exploit-db.com/download/38145/ |
title | OpenLDAP 2.4.42 - ber_get_next Denial of Service |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3356.NASL description Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet. last seen 2020-06-01 modified 2020-06-02 plugin id 85912 published 2015-09-14 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85912 title Debian DSA-3356-1 : openldap - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3356. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(85912); script_version("2.4"); script_cvs_date("Date: 2018/11/10 11:49:37"); script_cve_id("CVE-2015-6908"); script_xref(name:"DSA", value:"3356"); script_name(english:"Debian DSA-3356-1 : openldap - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798622" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/openldap" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/openldap" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2015/dsa-3356" ); script_set_attribute( attribute:"solution", value: "Upgrade the openldap packages. For the oldstable distribution (wheezy), this problem has been fixed in version 2.4.31-2+deb7u1. For the stable distribution (jessie), this problem has been fixed in version 2.4.40+dfsg-1+deb8u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openldap"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"ldap-utils", reference:"2.4.31-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libldap-2.4-2", reference:"2.4.31-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libldap-2.4-2-dbg", reference:"2.4.31-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libldap2-dev", reference:"2.4.31-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"slapd", reference:"2.4.31-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"slapd-dbg", reference:"2.4.31-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"slapd-smbk5pwd", reference:"2.4.31-2+deb7u1")) flag++; if (deb_check(release:"8.0", prefix:"ldap-utils", reference:"2.4.40+dfsg-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libldap-2.4-2", reference:"2.4.40+dfsg-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libldap-2.4-2-dbg", reference:"2.4.40+dfsg-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libldap2-dev", reference:"2.4.40+dfsg-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"slapd", reference:"2.4.40+dfsg-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"slapd-dbg", reference:"2.4.40+dfsg-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"slapd-smbk5pwd", reference:"2.4.40+dfsg-1+deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0123.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2015-6908 openldap: ber_get_next denial of service vulnerability (#1263171) - fix: nslcd segfaults due to incorrect mutex initialization (#1144294) - fix: Updating openldap deletes database if slapd.conf is used (#1193519) - fix: ppc64: slaptest segfault in openldap-2.4.40 (#1202696) - fix: bring back accidentaly removed patch (#1147983) - rebase to 2.4.40 (#1147983) - fix: make /etc/openldap/check_password.conf readable by ldap (#1155390) - revert previous patch (#1172296) - fix: crash in ldap_domain2hostlist when processing SRV record (#1164369) - support TLS 1.1 and later (#1160467) - enhancement: add ppolicy-check-password (#1155390) - fix: prevent freed memory reuse (#1172296) - fix: provide a shim libldif.so (#1110382) - fix: remove correct tmp file when generating server cert (#1102083) - remove unapplied patches - fix: TLS_REQCERT documentation in client manpage (#1027796) - review %configure and remove nonexistent options - add another missing patch forgotten during the rebase - fix: enable dynamic linking - unresolved symbols in the smbk5pwd module - add missing patches that were removed by mistake during the rebase - rebase to 2.4.39 (#923680) + drop a lot of upstreamed patches, backport the rest + compile in mdb + remove automatic slapd.conf -> slapd-config conversion - fix: segfault on certain queries with rwm overlay (#1003038) - fix: deadlock during SSL_ForceHandshake (#996373) + revert nss-handshake-threadsafe.patch last seen 2020-06-01 modified 2020-06-02 plugin id 86216 published 2015-10-01 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86216 title OracleVM 3.3 : openldap (OVMSA-2015-0123) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2015-0123. # include("compat.inc"); if (description) { script_id(86216); script_version("2.4"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2015-6908"); script_name(english:"OracleVM 3.3 : openldap (OVMSA-2015-0123)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2015-6908 openldap: ber_get_next denial of service vulnerability (#1263171) - fix: nslcd segfaults due to incorrect mutex initialization (#1144294) - fix: Updating openldap deletes database if slapd.conf is used (#1193519) - fix: ppc64: slaptest segfault in openldap-2.4.40 (#1202696) - fix: bring back accidentaly removed patch (#1147983) - rebase to 2.4.40 (#1147983) - fix: make /etc/openldap/check_password.conf readable by ldap (#1155390) - revert previous patch (#1172296) - fix: crash in ldap_domain2hostlist when processing SRV record (#1164369) - support TLS 1.1 and later (#1160467) - enhancement: add ppolicy-check-password (#1155390) - fix: prevent freed memory reuse (#1172296) - fix: provide a shim libldif.so (#1110382) - fix: remove correct tmp file when generating server cert (#1102083) - remove unapplied patches - fix: TLS_REQCERT documentation in client manpage (#1027796) - review %configure and remove nonexistent options - add another missing patch forgotten during the rebase - fix: enable dynamic linking - unresolved symbols in the smbk5pwd module - add missing patches that were removed by mistake during the rebase - rebase to 2.4.39 (#923680) + drop a lot of upstreamed patches, backport the rest + compile in mdb + remove automatic slapd.conf -> slapd-config conversion - fix: segfault on certain queries with rwm overlay (#1003038) - fix: deadlock during SSL_ForceHandshake (#996373) + revert nss-handshake-threadsafe.patch" ); # https://oss.oracle.com/pipermail/oraclevm-errata/2015-September/000371.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?06953aae" ); script_set_attribute( attribute:"solution", value:"Update the affected openldap / openldap-clients packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openldap-clients"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/11"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.3", reference:"openldap-2.4.40-6.el6_7")) flag++; if (rpm_check(release:"OVS3.3", reference:"openldap-clients-2.4.40-6.el6_7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openldap / openldap-clients"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-309.NASL description Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet. The Squeeze-LTS package has been prepared by Ryan Tandy. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-09-15 plugin id 85931 published 2015-09-15 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85931 title Debian DLA-309-1 : openldap security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-309-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(85931); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2015-6908"); script_name(english:"Debian DLA-309-1 : openldap security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet. The Squeeze-LTS package has been prepared by Ryan Tandy. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/09/msg00005.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/openldap" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ldap-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libldap-2.4-2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libldap-2.4-2-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libldap2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:slapd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:slapd-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:slapd-smbk5pwd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"ldap-utils", reference:"2.4.23-7.3+deb6u2")) flag++; if (deb_check(release:"6.0", prefix:"libldap-2.4-2", reference:"2.4.23-7.3+deb6u2")) flag++; if (deb_check(release:"6.0", prefix:"libldap-2.4-2-dbg", reference:"2.4.23-7.3+deb6u2")) flag++; if (deb_check(release:"6.0", prefix:"libldap2-dev", reference:"2.4.23-7.3+deb6u2")) flag++; if (deb_check(release:"6.0", prefix:"slapd", reference:"2.4.23-7.3+deb6u2")) flag++; if (deb_check(release:"6.0", prefix:"slapd-dbg", reference:"2.4.23-7.3+deb6u2")) flag++; if (deb_check(release:"6.0", prefix:"slapd-smbk5pwd", reference:"2.4.23-7.3+deb6u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0090-1.NASL description This update fixes the following security issue : - CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87909 published 2016-01-14 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87909 title SUSE SLED11 / SLES11 Security Update : openldap2 (SUSE-SU-2016:0090-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:0090-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(87909); script_version("2.5"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2015-6908"); script_name(english:"SUSE SLED11 / SLES11 Security Update : openldap2 (SUSE-SU-2016:0090-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes the following security issue : - CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=945582" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-6908/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20160090-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a5e32d8" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 11-SP4 : zypper in -t patch sdksp4-openldap2-20151222-12317=1 SUSE Linux Enterprise Software Development Kit 11-SP3 : zypper in -t patch sdksp3-openldap2-20151222-12317=1 SUSE Linux Enterprise Server for VMWare 11-SP3 : zypper in -t patch slessp3-openldap2-20151222-12317=1 SUSE Linux Enterprise Server 11-SP4 : zypper in -t patch slessp4-openldap2-20151222-12317=1 SUSE Linux Enterprise Server 11-SP3 : zypper in -t patch slessp3-openldap2-20151222-12317=1 SUSE Linux Enterprise Server 11-SECURITY : zypper in -t patch secsp3-openldap2-20151222-12317=1 SUSE Linux Enterprise Desktop 11-SP4 : zypper in -t patch sledsp4-openldap2-20151222-12317=1 SUSE Linux Enterprise Desktop 11-SP3 : zypper in -t patch sledsp3-openldap2-20151222-12317=1 SUSE Linux Enterprise Debuginfo 11-SP4 : zypper in -t patch dbgsp4-openldap2-20151222-12317=1 SUSE Linux Enterprise Debuginfo 11-SP3 : zypper in -t patch dbgsp3-openldap2-20151222-12317=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:compat-libldap-2_3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libldap-2_4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libldap-2_4-2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openldap2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openldap2-back-meta"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openldap2-client"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/11"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp); if (os_ver == "SLED11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP3/4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libldap-2_4-2-32bit-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libldap-2_4-2-32bit-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"compat-libldap-2_3-0-2.3.37-2.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"libldap-2_4-2-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"openldap2-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"openldap2-back-meta-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"openldap2-client-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"libldap-2_4-2-32bit-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"s390x", reference:"libldap-2_4-2-32bit-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"compat-libldap-2_3-0-2.3.37-2.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"libldap-2_4-2-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"openldap2-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"openldap2-back-meta-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"openldap2-client-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"libldap-2_4-2-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"openldap2-client-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"libldap-2_4-2-32bit-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"libldap-2_4-2-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"openldap2-client-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"libldap-2_4-2-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"openldap2-client-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"libldap-2_4-2-32bit-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"libldap-2_4-2-2.4.26-0.62.2")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"openldap2-client-2.4.26-0.62.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openldap2"); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4910D16158A411E59AD814DAE9D210B8.NASL description Denis Andzakovic reports : By sending a crafted packet, an attacker may cause the OpenLDAP server to reach an assert(9 9 statement, crashing the daemon. last seen 2020-06-01 modified 2020-06-02 plugin id 85924 published 2015-09-14 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85924 title FreeBSD : openldap -- denial of service vulnerability (4910d161-58a4-11e5-9ad8-14dae9d210b8) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(85924); script_version("2.4"); script_cvs_date("Date: 2018/11/10 11:49:44"); script_cve_id("CVE-2015-6908"); script_name(english:"FreeBSD : openldap -- denial of service vulnerability (4910d161-58a4-11e5-9ad8-14dae9d210b8)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Denis Andzakovic reports : By sending a crafted packet, an attacker may cause the OpenLDAP server to reach an assert(9 9 statement, crashing the daemon." ); # http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b8d71587" ); # http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2297a57c" ); # https://vuxml.freebsd.org/freebsd/4910d161-58a4-11e5-9ad8-14dae9d210b8.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?476517d4" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:openldap-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/09"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"openldap-server<2.4.42_1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Scientific Linux Local Security Checks NASL id SL_20150929_OPENLDAP_ON_SL5_X.NASL description A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908) last seen 2020-03-18 modified 2015-09-30 plugin id 86202 published 2015-09-30 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86202 title Scientific Linux Security Update : openldap on SL5.x, SL6.x, SL7.x i386/x86_64 (20150929) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(86202); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2015-6908"); script_name(english:"Scientific Linux Security Update : openldap on SL5.x, SL6.x, SL7.x i386/x86_64 (20150929)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1509&L=scientific-linux-errata&F=&S=&P=21602 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0d4496b6" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:compat-openldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openldap-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openldap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openldap-servers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openldap-servers-overlays"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openldap-servers-sql"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/11"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"compat-openldap-2.3.43_2.2.29-29.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"openldap-2.3.43-29.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"openldap-clients-2.3.43-29.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"openldap-debuginfo-2.3.43-29.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"openldap-devel-2.3.43-29.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"openldap-servers-2.3.43-29.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"openldap-servers-overlays-2.3.43-29.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"openldap-servers-sql-2.3.43-29.el5_11")) flag++; if (rpm_check(release:"SL6", reference:"openldap-2.4.40-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"openldap-clients-2.4.40-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"openldap-debuginfo-2.4.40-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"openldap-devel-2.4.40-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"openldap-servers-2.4.40-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"openldap-servers-sql-2.4.40-6.el6_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openldap-2.4.39-7.el7_1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openldap-clients-2.4.39-7.el7_1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openldap-debuginfo-2.4.39-7.el7_1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openldap-devel-2.4.39-7.el7_1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openldap-servers-2.4.39-7.el7_1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openldap-servers-sql-2.4.39-7.el7_1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openldap / openldap / openldap-clients / openldap-debuginfo / etc"); }
NASL family MacOS X Local Security Checks NASL id MACOSX_10_11_2.NASL description The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedia Playback - Disk Images - EFI - File Bookmark - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit SCSI - IOThunderboltFamily - Kernel - kext tools - Keychain Access - libarchive - libc - libexpat - libxml2 - OpenGL - OpenLDAP - OpenSSH - QuickLook - Sandbox - Security - System Integrity Protection Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 87314 published 2015-12-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87314 title Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87314); script_version("1.10"); script_cvs_date("Date: 2019/11/20"); script_cve_id( "CVE-2011-2895", "CVE-2012-0876", "CVE-2012-1147", "CVE-2012-1148", "CVE-2015-3807", "CVE-2015-5333", "CVE-2015-5334", "CVE-2015-6908", "CVE-2015-7001", "CVE-2015-7038", "CVE-2015-7039", "CVE-2015-7040", "CVE-2015-7041", "CVE-2015-7042", "CVE-2015-7043", "CVE-2015-7044", "CVE-2015-7045", "CVE-2015-7046", "CVE-2015-7047", "CVE-2015-7052", "CVE-2015-7053", "CVE-2015-7054", "CVE-2015-7058", "CVE-2015-7059", "CVE-2015-7060", "CVE-2015-7061", "CVE-2015-7062", "CVE-2015-7063", "CVE-2015-7064", "CVE-2015-7065", "CVE-2015-7066", "CVE-2015-7067", "CVE-2015-7068", "CVE-2015-7071", "CVE-2015-7073", "CVE-2015-7074", "CVE-2015-7075", "CVE-2015-7076", "CVE-2015-7077", "CVE-2015-7078", "CVE-2015-7081", "CVE-2015-7083", "CVE-2015-7084", "CVE-2015-7094", "CVE-2015-7105", "CVE-2015-7106", "CVE-2015-7107", "CVE-2015-7108", "CVE-2015-7109", "CVE-2015-7110", "CVE-2015-7111", "CVE-2015-7112", "CVE-2015-7115", "CVE-2015-7116", "CVE-2015-7803", "CVE-2015-7804" ); script_bugtraq_id( 49124, 52379, 76343, 76714, 76959, 77112, 78719, 78721, 78725, 78730, 78733, 78735 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-12-08-3"); script_xref(name:"EDB-ID", value:"38917"); script_name(english:"Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Mac OS X."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes multiple security vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedia Playback - Disk Images - EFI - File Bookmark - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit SCSI - IOThunderboltFamily - Kernel - kext tools - Keychain Access - libarchive - libc - libexpat - libxml2 - OpenGL - OpenLDAP - OpenSSH - QuickLook - Sandbox - Security - System Integrity Protection Note that successful exploitation of the most serious issues can result in arbitrary code execution."); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT205579"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT205637"); script_set_attribute(attribute:"solution", value: "Upgrade to Mac OS X version 10.11.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7071"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/11"); script_set_attribute(attribute:"patch_publication_date", value:"2015/12/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/10"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); script_require_ports("Host/MacOSX/Version", "Host/OS"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Cannot determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); match = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os); if (isnull(match)) exit(1, "Failed to parse the Mac OS X version ('" + os + "')."); version = match[1]; if ( version !~ "^10\.11([^0-9]|$)" ) audit(AUDIT_OS_NOT, "Mac OS X 10.11 or later", "Mac OS X "+version); fixed_version = "10.11.2"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:0, extra:report); } else security_hole(0); exit(0); } else exit(0, "The host is not affected since it is running Mac OS X "+version+".");
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-102.NASL description This update fixes the following security issues : - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766) It also fixes the following non-security bugs : - bsc#955210: Unresponsive LDAP host lookups in IPv6 environment - bsc#904028: Add missing dependency binutils used by %pre. last seen 2020-06-05 modified 2016-02-03 plugin id 88534 published 2016-02-03 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88534 title openSUSE Security Update : openldap2 (openSUSE-2016-102) (Logjam) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-599.NASL description A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908) last seen 2020-06-01 modified 2020-06-02 plugin id 86355 published 2015-10-13 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86355 title Amazon Linux AMI : openldap / compat-openldap (ALAS-2015-599) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2742-1.NASL description Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER data. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2015-6908) Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped with a potentially unsafe default access control configuration. Depending on how the database is configure, this may allow users to impersonate others by modifying attributes such as their Unix user and group numbers. (CVE-2014-9713). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85984 published 2015-09-17 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85984 title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : openldap vulnerabilities (USN-2742-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1840.NASL description Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908) All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 86200 published 2015-09-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86200 title RHEL 5 / 6 / 7 : openldap (RHSA-2015:1840) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-104.NASL description This update fixes the following security issues : - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766) It also fixes the following non-security bugs : - bsc#955210: Unresponsive LDAP host lookups in IPv6 environment This update adds the following functionality : - fate#319300: SHA2 password hashing module that can be loaded on-demand. This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2016-02-03 plugin id 88535 published 2016-02-03 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88535 title openSUSE Security Update : openldap2 (openSUSE-2016-104) (Logjam) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1840.NASL description From Red Hat Security Advisory 2015:1840 : Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908) All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 86199 published 2015-09-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86199 title Oracle Linux 5 / 6 / 7 : openldap (ELSA-2015-1840) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-92.NASL description This update fixes the following security issues : - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766) It also fixes the following non-security bugs : - bsc#955210: Unresponsive LDAP host lookups in IPv6 environment - bsc#904028: Add missing dependency binutils used by %pre. last seen 2020-06-05 modified 2016-01-26 plugin id 88165 published 2016-01-26 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88165 title openSUSE Security Update : openldap2 (openSUSE-2016-92) (Logjam) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1840.NASL description Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908) All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 86515 published 2015-10-22 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86515 title CentOS 5 / 6 / 7 : openldap (CESA-2015:1840) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0069.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2015-6908 openldap: ber_get_next denial of service vulnerability (#1263170) - fix: syncprov psearch race condition (#999811) - fix: CVE-2013-4449 segfault on certain queries with rwm overlay (#1064146) - fix: do not send IPv6 DNS queries when IPv6 is disabled on the host (#812772) - fix: disable static libraries stripping (#684630) - fix: memory leaks in syncrepl and slap_sl_free (#741184) - new feature update: honor priority/weight with ldap_domain2hostlist (#733435) - fix: initscript marked as %config incorrectly (#738768) - new feature: honor priority/weight with ldap_domain2hostlist (#733435) - fix: strict aliasing warnings during package build (#732381) - fix: OpenLDAP packages lack debug data (#684630) - doc: Document preferred use of TLS_CACERT instead of TLS_CACERTDIR to specify Certificate Authorities (#699652) - fix: libldap ignores a directory of CA certificates if any of them can last seen 2020-06-01 modified 2020-06-02 plugin id 91749 published 2016-06-22 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91749 title OracleVM 3.2 : openldap (OVMSA-2016-0069) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0224-1.NASL description This update fixes the following security issues : - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582) - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766) It also fixes the following non-security bugs : - bsc#955210: Unresponsive LDAP host lookups in IPv6 environment This update adds the following functionality : - fate#319300: SHA2 password hashing module that can be loaded on-demand. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 88176 published 2016-01-26 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88176 title SUSE SLED12 / SLES12 Security Update : openldap2 (SUSE-SU-2016:0224-1) (Logjam) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2015-008.NASL description The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-005 or 2015-008. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedia Playback - Disk Images - EFI - File Bookmark - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit SCSI - IOThunderboltFamily - Kernel - kext tools - Keychain Access - libarchive - libc - libexpat - libxml2 - OpenGL - OpenLDAP - OpenSSH - QuickLook - Sandbox - Security - System Integrity Protection Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 87321 published 2015-12-11 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87321 title Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
- http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
- https://support.apple.com/HT205637
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/76714
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
- http://rhn.redhat.com/errata/RHSA-2015-1840.html
- http://www.ubuntu.com/usn/USN-2742-1
- http://www.securitytracker.com/id/1033534
- http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
- http://www.debian.org/security/2015/dsa-3356
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629