 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.50950 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2002:312 (OpenLDAP) |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2002:312. OpenLDAP is a suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services. In an audit of OpenLDAP by SuSE, a number of potential security issues were found. The following is a list of these issues: When reading configuration files, libldap reads the current user's .ldaprc file even in applications being run with elevated privileges. Slurpd would overflow an internal buffer if the command-line argument used with the -t or -r flags is too long, or if the name of a file for which it attempted to create an advisory lock is too long. When parsing filters, the getfilter script_family( of functions from libldap can overflow an internal buffer by supplying a carefully crafted ldapfilter.conf file. When processing LDAP entry display templates, libldap can overflow an internal buffer by supplying a carefully crafted ldaptemplates.conf file. When parsing an access control list, slapd can overflow an internal buffer. When constructing the name of the file used for logging rejected replication requests, slapd overflows an internal buffer if the size of the generated name is too large. It can also destroy the contents of any file owned by the user 'ldap' due to a race condition in the subsequent creation of the log file. All of these potential security issues are corrected by the packages contained within this erratum. Red Hat Linux Advanced Server users who use LDAP are advised to install the updated OpenLDAP packages contained within this erratum. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-312.html Risk factor : High CVSS Score: 7.5 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-1378 BugTraq ID: 6328 http://www.securityfocus.com/bid/6328 Computer Incident Advisory Center Bulletin: N-043 http://www.ciac.org/ciac/bulletins/n-043.shtml Conectiva Linux advisory: CLA-2002:556 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000556 Debian Security Information: DSA-227 (Google Search) http://www.debian.org/security/2003/dsa-227 http://www.securityfocus.com/advisories/4827 http://www.mandriva.com/security/advisories?name=MDKSA-2003:006 http://www.linuxsecurity.com/advisories/gentoo_advisory-2704.html http://www.redhat.com/support/errata/RHSA-2003-040.html SuSE Security Announcement: SuSE-SA:2002:047 (Google Search) http://www.novell.com/linux/security/advisories/2002_047_openldap2.html TurboLinux Advisory: TLSA-2003-5 http://www.turbolinux.com/security/TLSA-2003-5.txt XForce ISS Database: openldap-multiple-bo(10800) https://exchange.xforce.ibmcloud.com/vulnerabilities/10800 Common Vulnerability Exposure (CVE) ID: CVE-2002-1379 Common Vulnerability Exposure (CVE) ID: CVE-2002-1508 http://www.iss.net/security_center/static/11288.php |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |