ID de Prueba:	1.3.6.1.4.1.25623.1.0.67725
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0543
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0543. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. An uninitialized pointer use flaw was discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use this flaw to crash the slapd daemon via specially-crafted modrdn requests. (CVE-2010-0211) Red Hat would like to thank CERT-FI for responsibly reporting the CVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomäki for the discovery of the issue. A flaw was found in the way OpenLDAP handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick applications using OpenLDAP libraries into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack. (CVE-2009-3767) Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0543.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3767 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html http://security.gentoo.org/glsa/glsa-201406-36.xml http://marc.info/?l=oss-security&m=125198917018936&w=2 http://marc.info/?l=oss-security&m=125369675820512&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274 http://www.redhat.com/support/errata/RHSA-2010-0543.html http://www.redhat.com/support/errata/RHSA-2011-0896.html http://secunia.com/advisories/38769 http://secunia.com/advisories/40677 SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://www.vupen.com/english/advisories/2009/3056 http://www.vupen.com/english/advisories/2010/1858 Common Vulnerability Exposure (CVE) ID: CVE-2010-0211 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html BugTraq ID: 41770 http://www.securityfocus.com/bid/41770 Bugtraq: 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap (Google Search) http://www.securityfocus.com/archive/1/515545/100/0/threaded http://www.redhat.com/support/errata/RHSA-2010-0542.html http://www.securitytracker.com/id?1024221 http://secunia.com/advisories/40639 http://secunia.com/advisories/40687 http://secunia.com/advisories/42787 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://www.vupen.com/english/advisories/2010/1849 http://www.vupen.com/english/advisories/2011/0025
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.