English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.69392
Kategorie:Mandrake Local Security Checks
Titel:Mandriva Security Advisory MDVSA-2011:056 (openldap)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to openldap
announced via advisory MDVSA-2011:056.

Multiple vulnerabilities has been identified and fixed in openldap:

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24,
when a master-slave configuration with a chain overlay and
ppolicy_forward_updates (aka authentication-failure forwarding) is
used, allows remote authenticated users to bypass external-program
authentication by sending an invalid password to a slave server
(CVE-2011-1024).

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require
authentication for the root Distinguished Name (DN), which allows
remote attackers to bypass intended access restrictions via an
arbitrary password (CVE-2011-1025).

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote
attackers to cause a denial of service (daemon crash) via a relative
Distinguished Name (DN) modification request (aka MODRDN operation)
that contains an empty value for the OldDN field (CVE-2011-1081).

The updated packages have been patched to correct these issues.

Affected: 2010.0, 2010.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:056

Risk factor : High

CVSS Score:
6.8

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-1024
1025188
http://securitytracker.com/id?1025188
43331
http://secunia.com/advisories/43331
43708
http://secunia.com/advisories/43708
43718
http://secunia.com/advisories/43718
ADV-2011-0665
http://www.vupen.com/english/advisories/2011/0665
GLSA-201406-36
http://security.gentoo.org/glsa/glsa-201406-36.xml
MDVSA-2011:055
http://www.mandriva.com/security/advisories?name=MDVSA-2011:055
MDVSA-2011:056
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
RHSA-2011:0346
http://www.redhat.com/support/errata/RHSA-2011-0346.html
RHSA-2011:0347
http://www.redhat.com/support/errata/RHSA-2011-0347.html
USN-1100-1
http://www.ubuntu.com/usn/USN-1100-1
[openldap-announce] 20110212 OpenLDAP 2.4.24 available
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
[openldap-technical] 20100429 ppolicy master/slave issue
http://www.openldap.org/lists/openldap-technical/201004/msg00247.html
[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues
http://openwall.com/lists/oss-security/2011/02/24/12
[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issues
http://openwall.com/lists/oss-security/2011/02/25/13
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607
https://bugzilla.novell.com/show_bug.cgi?id=674985
https://bugzilla.redhat.com/show_bug.cgi?id=680466
Common Vulnerability Exposure (CVE) ID: CVE-2011-1025
1025190
http://securitytracker.com/id?1025190
[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issue
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661
https://bugzilla.redhat.com/show_bug.cgi?id=680472
Common Vulnerability Exposure (CVE) ID: CVE-2011-1081
1025191
http://securitytracker.com/id?1025191
[oss-security] 20110228 Re: CVE Request -- OpenLDAP -- two issues
http://openwall.com/lists/oss-security/2011/02/28/1
http://openwall.com/lists/oss-security/2011/02/28/2
[oss-security] 20110301 Re: CVE Request -- OpenLDAP -- two issues
http://openwall.com/lists/oss-security/2011/03/01/11
http://openwall.com/lists/oss-security/2011/03/01/15
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768
https://bugzilla.redhat.com/show_bug.cgi?id=680975
openldap-modrdnc-dos(66239)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66239
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.