ID de Prueba:	1.3.6.1.4.1.25623.1.0.58287
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0430
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0430. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications, libraries and development tools. A flaw was found in the way OpenLDAP handled selfwrite access. Users with selfwrite access were able to modify the distinguished name of any user. Users with selfwrite access should only be able to modify their own distinguished name. (CVE-2006-4600) A memory leak bug was found in OpenLDAP's ldap_start_tls_s() function. An application using this function could result in an Out Of Memory (OOM) condition, crashing the application. All users are advised to upgrade to this updated openldap package, which contains a backported fix and is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0430.html http://www.redhat.com/security/updates/classification/#low Risk factor : Medium CVSS Score: 2.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4600 BugTraq ID: 19832 http://www.securityfocus.com/bid/19832 Bugtraq: 20060929 rPSA-2006-0176-1 openldap openldap-clients openldap-servers (Google Search) http://www.securityfocus.com/archive/1/447395/100/200/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://security.gentoo.org/glsa/glsa-200711-23.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:171 http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587 http://www.openldap.org/lists/openldap-announce/200608/msg00000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618 http://www.redhat.com/support/errata/RHSA-2007-0310.html http://www.redhat.com/support/errata/RHSA-2007-0430.html http://securitytracker.com/id?1016783 http://secunia.com/advisories/21721 http://secunia.com/advisories/22219 http://secunia.com/advisories/22273 http://secunia.com/advisories/22300 http://secunia.com/advisories/25098 http://secunia.com/advisories/25628 http://secunia.com/advisories/25676 http://secunia.com/advisories/25894 http://secunia.com/advisories/26909 http://secunia.com/advisories/27706 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://www.trustix.org/errata/2006/0055 http://www.vupen.com/english/advisories/2007/2186 http://www.vupen.com/english/advisories/2007/3229 XForce ISS Database: openldap-selfwrite-security-bypass(28772) https://exchange.xforce.ibmcloud.com/vulnerabilities/28772
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.