Test Kennung:	1.3.6.1.4.1.25623.1.0.831356
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Update for openldap MDVSA-2011:055 (openldap)
Zusammenfassung:	The remote host is missing an update for the 'openldap'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'openldap' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been identified and fixed in openldap: chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server (CVE-2011-1024). modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field (CVE-2011-1081). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct these issues. Affected Software/OS: openldap on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1024 1025188 http://securitytracker.com/id?1025188 43331 http://secunia.com/advisories/43331 43708 http://secunia.com/advisories/43708 43718 http://secunia.com/advisories/43718 ADV-2011-0665 http://www.vupen.com/english/advisories/2011/0665 GLSA-201406-36 http://security.gentoo.org/glsa/glsa-201406-36.xml MDVSA-2011:055 http://www.mandriva.com/security/advisories?name=MDVSA-2011:055 MDVSA-2011:056 http://www.mandriva.com/security/advisories?name=MDVSA-2011:056 RHSA-2011:0346 http://www.redhat.com/support/errata/RHSA-2011-0346.html RHSA-2011:0347 http://www.redhat.com/support/errata/RHSA-2011-0347.html USN-1100-1 http://www.ubuntu.com/usn/USN-1100-1 [openldap-announce] 20110212 OpenLDAP 2.4.24 available http://www.openldap.org/lists/openldap-announce/201102/msg00000.html [openldap-technical] 20100429 ppolicy master/slave issue http://www.openldap.org/lists/openldap-technical/201004/msg00247.html [oss-security] 20110224 CVE Request -- OpenLDAP -- two issues http://openwall.com/lists/oss-security/2011/02/24/12 [oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issues http://openwall.com/lists/oss-security/2011/02/25/13 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0 http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607 https://bugzilla.novell.com/show_bug.cgi?id=674985 https://bugzilla.redhat.com/show_bug.cgi?id=680466 Common Vulnerability Exposure (CVE) ID: CVE-2011-1081 1025191 http://securitytracker.com/id?1025191 [oss-security] 20110228 Re: CVE Request -- OpenLDAP -- two issues http://openwall.com/lists/oss-security/2011/02/28/1 http://openwall.com/lists/oss-security/2011/02/28/2 [oss-security] 20110301 Re: CVE Request -- OpenLDAP -- two issues http://openwall.com/lists/oss-security/2011/03/01/11 http://openwall.com/lists/oss-security/2011/03/01/15 http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9 http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768 https://bugzilla.redhat.com/show_bug.cgi?id=680975 openldap-modrdnc-dos(66239) https://exchange.xforce.ibmcloud.com/vulnerabilities/66239
Copyright	Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.