English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 94899 CVE descriptions
and 51984 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59928
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-551-1 (openldap)
Summary:Ubuntu USN-551-1 (openldap)
Description:Description:

The remote host is missing an update to openldap
announced via advisory USN-551-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Thomas Sesselmann discovered that the OpenLDAP slapd server
did not properly handle certain modify requests. A remote
attacker could send malicious modify requests to the server
and cause a denial of service. (CVE-2007-5707)

Toby Blake discovered that slapd did not properly terminate
an array while running as a proxy-caching server. A remote
attacker may be able to send crafted search requests to the
server and cause a denial of service. This issue only affects
Ubuntu 7.04 and 7.10. (CVE-2007-5708)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
slapd 2.2.26-5ubuntu2.4

Ubuntu 6.10:
slapd 2.2.26-5ubuntu3.2

Ubuntu 7.04:
slapd 2.3.30-2ubuntu0.1

Ubuntu 7.10:
slapd 2.3.35-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-551-1

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5707
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5119
http://www.openldap.org/lists/openldap-announce/200710/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Debian Security Information: DSA-1541 (Google Search)
http://www.debian.org/security/2008/dsa-1541
http://www.redhat.com/archives/fedora-package-announce/2007-November/msg00460.html
http://security.gentoo.org/glsa/glsa-200803-28.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:215
http://www.redhat.com/support/errata/RHSA-2007-1037.html
http://www.redhat.com/support/errata/RHSA-2007-1038.html
SuSE Security Announcement: SUSE-SR:2007:024 (Google Search)
http://www.novell.com/linux/security/advisories/2007_24_sr.html
http://www.ubuntu.com/usn/usn-551-1
BugTraq ID: 26245
http://www.securityfocus.com/bid/26245
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10183
http://www.vupen.com/english/advisories/2007/3645
http://www.securitytracker.com/id?1018924
http://secunia.com/advisories/27424
http://secunia.com/advisories/27587
http://secunia.com/advisories/27596
http://secunia.com/advisories/27683
http://secunia.com/advisories/27868
http://secunia.com/advisories/27756
http://secunia.com/advisories/29461
http://secunia.com/advisories/29682
http://www.vupen.com/english/advisories/2009/3184
Common Vulnerability Exposure (CVE) ID: CVE-2007-5708
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5163
http://www.mandriva.com/security/advisories?name=MDVSA-2008:058
http://secunia.com/advisories/29225
Common Vulnerability Exposure (CVE) ID: CVE-2007-3998
http://secweb.se/en/advisories/php-wordwrap-vulnerability/
Debian Security Information: DSA-1444 (Google Search)
http://www.debian.org/security/2008/dsa-1444
Debian Security Information: DSA-1578 (Google Search)
http://www.debian.org/security/2008/dsa-1578
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
http://www.redhat.com/support/errata/RHSA-2007-0890.html
RedHat Security Advisories: RHSA-2007:0889
http://rhn.redhat.com/errata/RHSA-2007-0889.html
http://www.redhat.com/support/errata/RHSA-2007-0891.html
SuSE Security Announcement: SUSE-SA:2008:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://www.trustix.org/errata/2007/0026/
http://www.ubuntulinux.org/support/documentation/usn/usn-549-1
http://www.ubuntu.com/usn/usn-549-2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10603
http://www.vupen.com/english/advisories/2007/3023
http://secunia.com/advisories/26642
http://secunia.com/advisories/26822
http://secunia.com/advisories/26838
http://secunia.com/advisories/26930
http://secunia.com/advisories/26871
http://secunia.com/advisories/26895
http://secunia.com/advisories/26967
http://secunia.com/advisories/27377
http://secunia.com/advisories/27545
http://secunia.com/advisories/27102
http://secunia.com/advisories/27864
http://secunia.com/advisories/28249
http://secunia.com/advisories/28658
http://secunia.com/advisories/30288
Common Vulnerability Exposure (CVE) ID: CVE-2007-4657
http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability/
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
http://secunia.com/advisories/28318
http://secunia.com/advisories/28936
http://www.vupen.com/english/advisories/2008/0059
XForce ISS Database: php-strcspn-overflow(36388)
http://xforce.iss.net/xforce/xfdb/36388
XForce ISS Database: php-strcspn-strspn-unspecified(39399)
http://xforce.iss.net/xforce/xfdb/39399
Common Vulnerability Exposure (CVE) ID: CVE-2007-4658
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10363
XForce ISS Database: php-moneyformat-unspecified(36377)
http://xforce.iss.net/xforce/xfdb/36377
Common Vulnerability Exposure (CVE) ID: CVE-2007-4662
XForce ISS Database: php-phpopensslmakereq-bo(36390)
http://xforce.iss.net/xforce/xfdb/36390
Common Vulnerability Exposure (CVE) ID: CVE-2007-3799
http://www.php-security.org/MOPB/PMOPB-46-2007.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.redhat.com/support/errata/RHSA-2007-0888.html
SuSE Security Announcement: SUSE-SR:2007:015 (Google Search)
http://www.novell.com/linux/security/advisories/2007_15_sr.html
BugTraq ID: 24268
http://www.securityfocus.com/bid/24268
http://osvdb.org/36855
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9792
http://www.vupen.com/english/advisories/2008/0924/references
http://secunia.com/advisories/27351
http://secunia.com/advisories/29420
Common Vulnerability Exposure (CVE) ID: CVE-2007-2872
Bugtraq: 20070601 SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow (Google Search)
http://www.securityfocus.com/archive/1/archive/1/470244/100/0/threaded
http://www.sec-consult.com/291.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
HPdes Security Advisory: HPSBUX02308
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
HPdes Security Advisory: SSRT080010
HPdes Security Advisory: HPSBUX02332
http://www.securityfocus.com/archive/1/archive/1/491693/100/0/threaded
HPdes Security Advisory: SSRT080056
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
SuSE Security Announcement: SUSE-SA:2007:044 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://www.trustix.org/errata/2007/0023/
BugTraq ID: 24261
http://www.securityfocus.com/bid/24261
http://osvdb.org/36083
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9424
http://www.vupen.com/english/advisories/2007/2061
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2008/0398
http://www.securitytracker.com/id?1018186
http://secunia.com/advisories/25535
http://secunia.com/advisories/25456
http://secunia.com/advisories/26048
http://secunia.com/advisories/26231
http://secunia.com/advisories/27037
http://secunia.com/advisories/27110
http://secunia.com/advisories/28750
http://secunia.com/advisories/30040
XForce ISS Database: php-chunksplit-security-bypass(39398)
http://xforce.iss.net/xforce/xfdb/39398
Common Vulnerability Exposure (CVE) ID: CVE-2007-4660
http://www.mandriva.com/security/advisories?name=MDVSA-2008:125
http://www.mandriva.com/security/advisories?name=MDVSA-2008:126
Common Vulnerability Exposure (CVE) ID: CVE-2007-4661
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59
Common Vulnerability Exposure (CVE) ID: CVE-2007-1285
Bugtraq: 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (Google Search)
http://www.securityfocus.com/archive/1/archive/1/466166/100/0/threaded
http://www.php-security.org/MOPB/MOPB-03-2007.html
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
http://www.mandriva.com/security/advisories?name=MDKSA-2007:090
http://www.redhat.com/support/errata/RHSA-2007-0082.html
RedHat Security Advisories: RHSA-2007:0154
http://rhn.redhat.com/errata/RHSA-2007-0154.html
RedHat Security Advisories: RHSA-2007:0155
http://rhn.redhat.com/errata/RHSA-2007-0155.html
RedHat Security Advisories: RHSA-2007:0163
http://rhn.redhat.com/errata/RHSA-2007-0163.html
http://www.redhat.com/support/errata/RHSA-2007-0162.html
BugTraq ID: 22764
http://www.securityfocus.com/bid/22764
http://www.osvdb.org/32769
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11017
http://www.securitytracker.com/id?1017771
http://secunia.com/advisories/24910
http://secunia.com/advisories/24924
http://secunia.com/advisories/24945
http://secunia.com/advisories/24941
http://secunia.com/advisories/24909
http://secunia.com/advisories/25445
Common Vulnerability Exposure (CVE) ID: CVE-2007-4670
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11028
Common Vulnerability Exposure (CVE) ID: CVE-2007-5898
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:127
http://www.redhat.com/support/errata/RHSA-2008-0505.html
http://www.redhat.com/support/errata/RHSA-2008-0544.html
http://www.redhat.com/support/errata/RHSA-2008-0545.html
http://www.redhat.com/support/errata/RHSA-2008-0546.html
http://www.redhat.com/support/errata/RHSA-2008-0582.html
http://www.ubuntu.com/usn/usn-628-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10080
http://securitytracker.com/id?1018934
http://secunia.com/advisories/27648
http://secunia.com/advisories/27659
http://secunia.com/advisories/30828
http://secunia.com/advisories/31119
http://secunia.com/advisories/31124
http://secunia.com/advisories/31200
Common Vulnerability Exposure (CVE) ID: CVE-2007-5899
http://osvdb.org/38918
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11211
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 51984 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.