Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2014-294)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120159

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2014-294)

Resumen: The remote host is missing an update for the 'openldap' package(s) announced via the ALAS-2014-294 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openldap' package(s) announced via the ALAS-2014-294 advisory.

Vulnerability Insight:
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.

Affected Software/OS:
'openldap' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-4449
1029711
http://www.securitytracker.com/id/1029711
20140401 Cisco Unified Communications Manager Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-4449
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
https://seclists.org/bugtraq/2019/Dec/23
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
http://seclists.org/fulldisclosure/2019/Dec/26
63190
http://www.securityfocus.com/bid/63190
DSA-3209
http://www.debian.org/security/2015/dsa-3209
MDVSA-2014:026
http://www.mandriva.com/security/advisories?name=MDVSA-2014:026
RHSA-2014:0126
http://rhn.redhat.com/errata/RHSA-2014-0126.html
RHSA-2014:0206
http://rhn.redhat.com/errata/RHSA-2014-0206.html
[oss-security] 20131018 Re: CVE request: slapd segfaults on certain queries with rwm overlay enabled
http://www.openwall.com/lists/oss-security/2013/10/19/3
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://www.openldap.org/its/index.cgi/Incoming?id=7723
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.redhat.com/show_bug.cgi?id=1019490
https://support.apple.com/kb/HT210788

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120159
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2014-294)
Resumen:	The remote host is missing an update for the 'openldap' package(s) announced via the ALAS-2014-294 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openldap' package(s) announced via the ALAS-2014-294 advisory. Vulnerability Insight: The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. Affected Software/OS: 'openldap' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4449 1029711 http://www.securitytracker.com/id/1029711 20140401 Cisco Unified Communications Manager Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-4449 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra https://seclists.org/bugtraq/2019/Dec/23 20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra http://seclists.org/fulldisclosure/2019/Dec/26 63190 http://www.securityfocus.com/bid/63190 DSA-3209 http://www.debian.org/security/2015/dsa-3209 MDVSA-2014:026 http://www.mandriva.com/security/advisories?name=MDVSA-2014:026 RHSA-2014:0126 http://rhn.redhat.com/errata/RHSA-2014-0126.html RHSA-2014:0206 http://rhn.redhat.com/errata/RHSA-2014-0206.html [oss-security] 20131018 Re: CVE request: slapd segfaults on certain queries with rwm overlay enabled http://www.openwall.com/lists/oss-security/2013/10/19/3 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://www.openldap.org/its/index.cgi/Incoming?id=7723 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html https://bugzilla.redhat.com/show_bug.cgi?id=1019490 https://support.apple.com/kb/HT210788
Copyright	Copyright (C) 2015 Greenbone AG