
Test ID:1.3.6.1.4.1.25623.1.0.50950
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2002:312 (OpenLDAP)
Summary:NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2002:312.

OpenLDAP is a suite of LDAP (Lightweight Directory Access Protocol)
applications and development tools. LDAP is a set of protocols for
accessing directory services. In an audit of OpenLDAP by SuSE, a number of
potential security issues were found.

The following is a list of these issues:

When reading configuration files, libldap reads the current user's .ldaprc
file even in applications being run with elevated privileges.

Slurpd would overflow an internal buffer if the command-line argument used
with the -t or -r flags is too long, or if the name of a file for which it
attempted to create an advisory lock is too long.

When parsing filters, the getfilter family of functions from libldap can
overflow an internal buffer by supplying a carefully crafted
ldapfilter.conf file.

When processing LDAP entry display templates, libldap can overflow an
internal buffer by supplying a carefully crafted ldaptemplates.conf file.

When parsing an access control list, slapd can overflow an internal buffer.

When constructing the name of the file used for logging rejected
replication requests, slapd overflows an internal buffer if the size
of the generated name is too large. It can also destroy the contents of any
file owned by the user 'ldap' due to a race condition in the subsequent
creation of the log file.

All of these potential security issues are corrected by the packages
contained within this erratum.

Red Hat Linux Advanced Server users who use LDAP are advised to
install the updated OpenLDAP packages contained within this erratum.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2002-312.html

Risk factor : High

CVSS Score: 7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2002-1378
BugTraq ID: 6328
http://www.securityfocus.com/bid/6328
Computer Incident Advisory Center Bulletin: N-043
http://www.ciac.org/ciac/bulletins/n-043.shtml
Conectiva Linux advisory: CLA-2002:556
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000556
Debian Security Information: DSA-227
http://www.debian.org/security/2003/dsa-227
http://www.securityfocus.com/advisories/4827
http://www.mandriva.com/security/advisories?name=MDKSA-2003:006
http://www.linuxsecurity.com/advisories/gentoo_advisory-2704.html
http://www.redhat.com/support/errata/RHSA-2003-040.html
SuSE Security Announcement: SuSE-SA:2002:047
http://www.novell.com/linux/security/advisories/2002_047_openldap2.html
TurboLinux Advisory: TLSA-2003-5
http://www.turbolinux.com/security/TLSA-2003-5.txt
XForce ISS Database: openldap-multiple-bo(10800)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10800
Common Vulnerability Exposure (CVE) ID: CVE-2002-1379
Common Vulnerability Exposure (CVE) ID: CVE-2002-1508
http://www.iss.net/security_center/static/11288.php
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.