Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0542

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67724

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2010:0542

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2010:0542.

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

Multiple flaws were discovered in the way the slapd daemon handled modify
relative distinguished name (modrdn) requests. An authenticated user with
privileges to perform modrdn operations could use these flaws to crash the
slapd daemon via specially-crafted modrdn requests. (CVE-2010-0211,
CVE-2010-0212)

Red Hat would like to thank CERT-FI for responsibly reporting these flaws,
who credit Ilkka Mattila and Tuomas Salomäki for the discovery of the
issues.

Users of OpenLDAP should upgrade to these updated packages, which contain
a backported patch to correct these issues. After installing this update,
the OpenLDAP daemons will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0542.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0211
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BugTraq ID: 41770
http://www.securityfocus.com/bid/41770
Bugtraq: 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap (Google Search)
http://www.securityfocus.com/archive/1/515545/100/0/threaded
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://www.redhat.com/support/errata/RHSA-2010-0542.html
http://www.redhat.com/support/errata/RHSA-2010-0543.html
http://www.securitytracker.com/id?1024221
http://secunia.com/advisories/40639
http://secunia.com/advisories/40677
http://secunia.com/advisories/40687
http://secunia.com/advisories/42787
SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.vupen.com/english/advisories/2010/1849
http://www.vupen.com/english/advisories/2010/1858
http://www.vupen.com/english/advisories/2011/0025
Common Vulnerability Exposure (CVE) ID: CVE-2010-0212

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67724
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0542
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0542. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. Multiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially-crafted modrdn requests. (CVE-2010-0211, CVE-2010-0212) Red Hat would like to thank CERT-FI for responsibly reporting these flaws, who credit Ilkka Mattila and Tuomas Salomäki for the discovery of the issues. Users of OpenLDAP should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0542.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0211 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html BugTraq ID: 41770 http://www.securityfocus.com/bid/41770 Bugtraq: 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap (Google Search) http://www.securityfocus.com/archive/1/515545/100/0/threaded http://security.gentoo.org/glsa/glsa-201406-36.xml http://www.redhat.com/support/errata/RHSA-2010-0542.html http://www.redhat.com/support/errata/RHSA-2010-0543.html http://www.securitytracker.com/id?1024221 http://secunia.com/advisories/40639 http://secunia.com/advisories/40677 http://secunia.com/advisories/40687 http://secunia.com/advisories/42787 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://www.vupen.com/english/advisories/2010/1849 http://www.vupen.com/english/advisories/2010/1858 http://www.vupen.com/english/advisories/2011/0025 Common Vulnerability Exposure (CVE) ID: CVE-2010-0212
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com