Test ID:	1.3.6.1.4.1.25623.1.0.55646
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2005:751
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2005:751. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The nss_ldap module is an extension for use with GNU libc which allows applications to, without internal modification, consult a directory service using LDAP to supplement information that would be read from local files such as /etc/passwd, /etc/group, and /etc/shadow. A bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP servers. If a client connection is referred to a different server, it is possible that the referred connection will not be encrypted even if the client has ssl start_tls in its ldap.conf file. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2069 to this issue. A bug was also found in the way certain OpenLDAP authentication schemes store hashed passwords. A remote attacker could re-use a hashed password to gain access to unauthorized resources. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0823 to this issue. All users of OpenLDAP and nss_ldap are advised to upgrade to these updated packages, which contain backported fixes that resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-751.html http://marc.theaimsgroup.com/?l=pamldap&m=112432721728160&w=2 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0823 http://www.securityfocus.com/advisories/7148 AUSCERT Advisory: ESB-2004.0559 http://www.auscert.org.au/render.html?it=4363 BugTraq ID: 11137 http://www.securityfocus.com/bid/11137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703 http://www.redhat.com/support/errata/RHSA-2005-751.html http://secunia.com/advisories/12491/ http://secunia.com/advisories/17233 http://secunia.com/advisories/21520 XForce ISS Database: openldap-crypt-gain-access(17300) https://exchange.xforce.ibmcloud.com/vulnerabilities/17300 Common Vulnerability Exposure (CVE) ID: CVE-2005-2069 14125 http://www.securityfocus.com/bid/14125 14126 http://www.securityfocus.com/bid/14126 17233 17692 http://www.osvdb.org/17692 17845 http://secunia.com/advisories/17845 20050704 pam_ldap/nss_ldap password leak in a master+slave+start_tls LDAP setup http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0060.html 21520 GLSA-2005-07-13 http://www.gentoo.org/security/en/glsa/glsa-200507-13.xml MDKSA-2005:121 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:121 RHSA-2005:751 RHSA-2005:767 http://www.redhat.com/support/errata/RHSA-2005-767.html USN-152-1 http://www.ubuntu.com/usn/usn-152-1 http://bugs.gentoo.org/show_bug.cgi?id=96767 http://bugzilla.padl.com/show_bug.cgi?id=210 http://bugzilla.padl.com/show_bug.cgi?id=211 http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm http://www.openldap.org/its/index.cgi/Incoming?id=3791 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161990 ldap-tls-information-disclosure(21245) https://exchange.xforce.ibmcloud.com/vulnerabilities/21245 oval:org.mitre.oval:def:9445 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9445
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.