English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.122584
Category:Oracle Linux Local Security Checks
Title:Oracle: Security Advisory (ELSA-2008-0389)
Summary:The remote host is missing an update for the 'nss_ldap' package(s) announced via the ELSA-2008-0389 advisory.
Description:Summary:
The remote host is missing an update for the 'nss_ldap' package(s) announced via the ELSA-2008-0389 advisory.

Vulnerability Insight:
[253-12]
- rebuild

[253-11]
- backport changes to group parsing from version 254 to fix heap corruption
when parsing nested groups (#444031)

[253-10]
- remove unnecessary nss_ldap linkage to libnsl (part of #427370)

[253-9]
- rebuild

[253-8]
- incorporate Tomas Janouseks fix to prevent re-use of connections across
fork() (#252337)

[253-7]
- add keyutils-libs-devel and libselinux-devel as a buildrequires: in order to
static link with newer Kerberos (#427370)

[253-6]
- suppress password-expired errors encountered during referral chases during
modify requests (#335661)
- interpret server-supplied policy controls when chasing referrals, so that
we don't give up when following a referral for a password change after
reset (#335661)
- don't attempt to change the password using ldap_modify if the password
change mode is 'exop_send_old' (we already didn't for 'exop') (#364501)
- don't drop the supplied password if the directory server indicates that
the password needs to be changed because its just been reset: we may need
it to chase a referral later (#335661)
- correctly detect libresolv and build a URI using discovered settings, so that
server discovery can work again (#254172)
- honor the 'port' setting again by correctly detecting when a URI doesn't
already specify one (#326351)

Affected Software/OS:
'nss_ldap' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5794
1020088
http://www.securitytracker.com/id?1020088
20080212 FLEA-2008-0003-1 nss_ldap
http://www.securityfocus.com/archive/1/487985/100/0/threaded
26452
http://www.securityfocus.com/bid/26452
27670
http://secunia.com/advisories/27670
27768
http://secunia.com/advisories/27768
27839
http://secunia.com/advisories/27839
28061
http://secunia.com/advisories/28061
28838
http://secunia.com/advisories/28838
29083
http://secunia.com/advisories/29083
30352
http://secunia.com/advisories/30352
31227
http://secunia.com/advisories/31227
31524
http://secunia.com/advisories/31524
DSA-1430
http://www.debian.org/security/2007/dsa-1430
GLSA-200711-33
http://security.gentoo.org/glsa/glsa-200711-33.xml
MDVSA-2008:049
http://www.mandriva.com/security/advisories?name=MDVSA-2008:049
RHSA-2008:0389
http://www.redhat.com/support/errata/RHSA-2008-0389.html
RHSA-2008:0715
http://www.redhat.com/support/errata/RHSA-2008-0715.html
SUSE-SR:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
[Dovecot] 20050303 hanging imap... and users getting other users' emails!
http://www.dovecot.org/list/dovecot/2005-March/006345.html
[Dovecot] 20050409 Authentication and the wrong mailbox?
http://www.dovecot.org/list/dovecot/2005-April/006859.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453868
http://bugs.gentoo.org/show_bug.cgi?id=198390
http://support.avaya.com/elmodocs2/security/ASA-2008-332.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0255
https://bugzilla.redhat.com/show_bug.cgi?id=154314
https://bugzilla.redhat.com/show_bug.cgi?id=367461
https://issues.rpath.com/browse/RPL-1913
nssldap-ldap-race-condition(38505)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38505
oval:org.mitre.oval:def:10625
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10625
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.