|Category:||Mandrake Local Security Checks|
|Title:||Mandrake Security Advisory MDKSA-2006:208-1 (openldap)|
|Summary:||Mandrake Security Advisory MDKSA-2006:208-1 (openldap)|
The remote host is missing an update to openldap
announced via advisory MDKSA-2006:208-1.
An unspecified vulnerability in OpenLDAP allows remote attackers to
cause a denial of service (daemon crash) via a certain combination of
SASL Bind requests that triggers an assertion failure in libldap.
Packages have been patched to correct this issue.
Packages for Corp4 were built from the wrong src.rpm, breaking Heimdal
Kerberos and possibly other support. Updated packages are being
provided to correct this issue.
Affected: Corporate 4.0
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
Risk factor : Medium
Common Vulnerability Exposure (CVE) ID: CVE-2006-5779
Bugtraq: 20061106 VulnDisco Pack for Metasploit
SuSE Security Announcement: SUSE-SA:2006:072
BugTraq ID: 20939
XForce ISS Database: openldap-bind-dos(30076)
|Copyright||Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com|