CentOS Local Security Checks : CentOS Update for compat-openldap CESA-2010:0542 centos5 i386

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.880588

Categoría: CentOS Local Security Checks

Título: CentOS Update for compat-openldap CESA-2010:0542 centos5 i386

Resumen: The remote host is missing an update for the 'compat-openldap'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'compat-openldap'
package(s) announced via the referenced advisory.

Vulnerability Insight:
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

Multiple flaws were discovered in the way the slapd daemon handled modify
relative distinguished name (modrdn) requests. An authenticated user with
privileges to perform modrdn operations could use these flaws to crash the
slapd daemon via specially-crafted modrdn requests. (CVE-2010-0211,
CVE-2010-0212)

Red Hat would like to thank CERT-FI for responsibly reporting these flaws,
who credit Ilkka Mattila and Tuomas Salomki for the discovery of the
issues.

Users of OpenLDAP should upgrade to these updated packages, which contain
a backported patch to correct these issues. After installing this update,
the OpenLDAP daemons will be restarted automatically.

Affected Software/OS:
compat-openldap on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0211
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BugTraq ID: 41770
http://www.securityfocus.com/bid/41770
Bugtraq: 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap (Google Search)
http://www.securityfocus.com/archive/1/515545/100/0/threaded
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://www.redhat.com/support/errata/RHSA-2010-0542.html
http://www.redhat.com/support/errata/RHSA-2010-0543.html
http://www.securitytracker.com/id?1024221
http://secunia.com/advisories/40639
http://secunia.com/advisories/40677
http://secunia.com/advisories/40687
http://secunia.com/advisories/42787
SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.vupen.com/english/advisories/2010/1849
http://www.vupen.com/english/advisories/2010/1858
http://www.vupen.com/english/advisories/2011/0025
Common Vulnerability Exposure (CVE) ID: CVE-2010-0212

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.880588
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for compat-openldap CESA-2010:0542 centos5 i386
Resumen:	The remote host is missing an update for the 'compat-openldap'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'compat-openldap' package(s) announced via the referenced advisory. Vulnerability Insight: OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. Multiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially-crafted modrdn requests. (CVE-2010-0211, CVE-2010-0212) Red Hat would like to thank CERT-FI for responsibly reporting these flaws, who credit Ilkka Mattila and Tuomas Salomki for the discovery of the issues. Users of OpenLDAP should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically. Affected Software/OS: compat-openldap on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0211 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html BugTraq ID: 41770 http://www.securityfocus.com/bid/41770 Bugtraq: 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap (Google Search) http://www.securityfocus.com/archive/1/515545/100/0/threaded http://security.gentoo.org/glsa/glsa-201406-36.xml http://www.redhat.com/support/errata/RHSA-2010-0542.html http://www.redhat.com/support/errata/RHSA-2010-0543.html http://www.securitytracker.com/id?1024221 http://secunia.com/advisories/40639 http://secunia.com/advisories/40677 http://secunia.com/advisories/40687 http://secunia.com/advisories/42787 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://www.vupen.com/english/advisories/2010/1849 http://www.vupen.com/english/advisories/2010/1858 http://www.vupen.com/english/advisories/2011/0025 Common Vulnerability Exposure (CVE) ID: CVE-2010-0212
Copyright	Copyright (C) 2011 Greenbone AG