English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.69392
Categoría:Mandrake Local Security Checks
Título:Mandriva Security Advisory MDVSA-2011:056 (openldap)
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing an update to openldap
announced via advisory MDVSA-2011:056.

Multiple vulnerabilities has been identified and fixed in openldap:

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24,
when a master-slave configuration with a chain overlay and
ppolicy_forward_updates (aka authentication-failure forwarding) is
used, allows remote authenticated users to bypass external-program
authentication by sending an invalid password to a slave server
(CVE-2011-1024).

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require
authentication for the root Distinguished Name (DN), which allows
remote attackers to bypass intended access restrictions via an
arbitrary password (CVE-2011-1025).

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote
attackers to cause a denial of service (daemon crash) via a relative
Distinguished Name (DN) modification request (aka MODRDN operation)
that contains an empty value for the OldDN field (CVE-2011-1081).

The updated packages have been patched to correct these issues.

Affected: 2010.0, 2010.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:056

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1024
1025188
http://securitytracker.com/id?1025188
43331
http://secunia.com/advisories/43331
43708
http://secunia.com/advisories/43708
43718
http://secunia.com/advisories/43718
ADV-2011-0665
http://www.vupen.com/english/advisories/2011/0665
GLSA-201406-36
http://security.gentoo.org/glsa/glsa-201406-36.xml
MDVSA-2011:055
http://www.mandriva.com/security/advisories?name=MDVSA-2011:055
MDVSA-2011:056
http://www.mandriva.com/security/advisories?name=MDVSA-2011:056
RHSA-2011:0346
http://www.redhat.com/support/errata/RHSA-2011-0346.html
RHSA-2011:0347
http://www.redhat.com/support/errata/RHSA-2011-0347.html
USN-1100-1
http://www.ubuntu.com/usn/USN-1100-1
[openldap-announce] 20110212 OpenLDAP 2.4.24 available
http://www.openldap.org/lists/openldap-announce/201102/msg00000.html
[openldap-technical] 20100429 ppolicy master/slave issue
http://www.openldap.org/lists/openldap-technical/201004/msg00247.html
[oss-security] 20110224 CVE Request -- OpenLDAP -- two issues
http://openwall.com/lists/oss-security/2011/02/24/12
[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issues
http://openwall.com/lists/oss-security/2011/02/25/13
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77&hideattic=1&sortbydate=0
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6607
https://bugzilla.novell.com/show_bug.cgi?id=674985
https://bugzilla.redhat.com/show_bug.cgi?id=680466
Common Vulnerability Exposure (CVE) ID: CVE-2011-1025
1025190
http://securitytracker.com/id?1025190
[oss-security] 20110225 Re: CVE Request -- OpenLDAP -- two issue
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6661
https://bugzilla.redhat.com/show_bug.cgi?id=680472
Common Vulnerability Exposure (CVE) ID: CVE-2011-1081
1025191
http://securitytracker.com/id?1025191
[oss-security] 20110228 Re: CVE Request -- OpenLDAP -- two issues
http://openwall.com/lists/oss-security/2011/02/28/1
http://openwall.com/lists/oss-security/2011/02/28/2
[oss-security] 20110301 Re: CVE Request -- OpenLDAP -- two issues
http://openwall.com/lists/oss-security/2011/03/01/11
http://openwall.com/lists/oss-security/2011/03/01/15
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.8&r2=1.170.2.9
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6768
https://bugzilla.redhat.com/show_bug.cgi?id=680975
openldap-modrdnc-dos(66239)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66239
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.