Test ID:	1.3.6.1.4.1.25623.1.0.58287
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0430
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0430. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications, libraries and development tools. A flaw was found in the way OpenLDAP handled selfwrite access. Users with selfwrite access were able to modify the distinguished name of any user. Users with selfwrite access should only be able to modify their own distinguished name. (CVE-2006-4600) A memory leak bug was found in OpenLDAP's ldap_start_tls_s() function. An application using this function could result in an Out Of Memory (OOM) condition, crashing the application. All users are advised to upgrade to this updated openldap package, which contains a backported fix and is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0430.html http://www.redhat.com/security/updates/classification/#low Risk factor : Medium CVSS Score: 2.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4600 BugTraq ID: 19832 http://www.securityfocus.com/bid/19832 Bugtraq: 20060929 rPSA-2006-0176-1 openldap openldap-clients openldap-servers (Google Search) http://www.securityfocus.com/archive/1/447395/100/200/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://security.gentoo.org/glsa/glsa-200711-23.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:171 http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587 http://www.openldap.org/lists/openldap-announce/200608/msg00000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9618 http://www.redhat.com/support/errata/RHSA-2007-0310.html http://www.redhat.com/support/errata/RHSA-2007-0430.html http://securitytracker.com/id?1016783 http://secunia.com/advisories/21721 http://secunia.com/advisories/22219 http://secunia.com/advisories/22273 http://secunia.com/advisories/22300 http://secunia.com/advisories/25098 http://secunia.com/advisories/25628 http://secunia.com/advisories/25676 http://secunia.com/advisories/25894 http://secunia.com/advisories/26909 http://secunia.com/advisories/27706 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://www.trustix.org/errata/2006/0055 http://www.vupen.com/english/advisories/2007/2186 http://www.vupen.com/english/advisories/2007/3229 XForce ISS Database: openldap-selfwrite-security-bypass(28772) https://exchange.xforce.ibmcloud.com/vulnerabilities/28772
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.