Ubuntu Local Security Checks : Ubuntu USN-551-1 (openldap)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 123947 CVE descriptions and 58962 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.59928
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-551-1 (openldap)
Summary:	Ubuntu USN-551-1 (openldap)
Description:	Description: The remote host is missing an update to openldap announced via advisory USN-551-1. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Thomas Sesselmann discovered that the OpenLDAP slapd server did not properly handle certain modify requests. A remote attacker could send malicious modify requests to the server and cause a denial of service. (CVE-2007-5707) Toby Blake discovered that slapd did not properly terminate an array while running as a proxy-caching server. A remote attacker may be able to send crafted search requests to the server and cause a denial of service. This issue only affects Ubuntu 7.04 and 7.10. (CVE-2007-5708) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: slapd 2.2.26-5ubuntu2.4 Ubuntu 6.10: slapd 2.2.26-5ubuntu3.2 Ubuntu 7.04: slapd 2.3.30-2ubuntu0.1 Ubuntu 7.10: slapd 2.3.35-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-551-1 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5707 http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5119 http://www.openldap.org/lists/openldap-announce/200710/msg00001.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html Debian Security Information: DSA-1541 (Google Search) http://www.debian.org/security/2008/dsa-1541 http://www.redhat.com/archives/fedora-package-announce/2007-November/msg00460.html http://security.gentoo.org/glsa/glsa-200803-28.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:215 http://www.redhat.com/support/errata/RHSA-2007-1037.html http://www.redhat.com/support/errata/RHSA-2007-1038.html SuSE Security Announcement: SUSE-SR:2007:024 (Google Search) http://www.novell.com/linux/security/advisories/2007_24_sr.html http://www.ubuntu.com/usn/usn-551-1 BugTraq ID: 26245 http://www.securityfocus.com/bid/26245 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10183 http://www.vupen.com/english/advisories/2007/3645 http://www.securitytracker.com/id?1018924 http://secunia.com/advisories/27424 http://secunia.com/advisories/27587 http://secunia.com/advisories/27596 http://secunia.com/advisories/27683 http://secunia.com/advisories/27868 http://secunia.com/advisories/27756 http://secunia.com/advisories/29461 http://secunia.com/advisories/29682 http://www.vupen.com/english/advisories/2009/3184 Common Vulnerability Exposure (CVE) ID: CVE-2007-5708 http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5163 http://www.mandriva.com/security/advisories?name=MDVSA-2008:058 http://secunia.com/advisories/29225 Common Vulnerability Exposure (CVE) ID: CVE-2007-3998 http://secweb.se/en/advisories/php-wordwrap-vulnerability/ Debian Security Information: DSA-1444 (Google Search) http://www.debian.org/security/2008/dsa-1444 Debian Security Information: DSA-1578 (Google Search) http://www.debian.org/security/2008/dsa-1578 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 http://www.redhat.com/support/errata/RHSA-2007-0890.html RedHat Security Advisories: RHSA-2007:0889 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://www.redhat.com/support/errata/RHSA-2007-0891.html SuSE Security Announcement: SUSE-SA:2008:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://www.trustix.org/errata/2007/0026/ http://www.ubuntulinux.org/support/documentation/usn/usn-549-1 http://www.ubuntu.com/usn/usn-549-2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10603 http://www.vupen.com/english/advisories/2007/3023 http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/26930 http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26967 http://secunia.com/advisories/27377 http://secunia.com/advisories/27545 http://secunia.com/advisories/27102 http://secunia.com/advisories/27864 http://secunia.com/advisories/28249 http://secunia.com/advisories/28658 http://secunia.com/advisories/30288 Common Vulnerability Exposure (CVE) ID: CVE-2007-4657 http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability/ http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 http://secunia.com/advisories/28318 http://secunia.com/advisories/28936 http://www.vupen.com/english/advisories/2008/0059 XForce ISS Database: php-strcspn-overflow(36388) https://exchange.xforce.ibmcloud.com/vulnerabilities/36388 XForce ISS Database: php-strcspn-strspn-unspecified(39399) https://exchange.xforce.ibmcloud.com/vulnerabilities/39399 Common Vulnerability Exposure (CVE) ID: CVE-2007-4658 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10363 XForce ISS Database: php-moneyformat-unspecified(36377) https://exchange.xforce.ibmcloud.com/vulnerabilities/36377 Common Vulnerability Exposure (CVE) ID: CVE-2007-4662 XForce ISS Database: php-phpopensslmakereq-bo(36390) https://exchange.xforce.ibmcloud.com/vulnerabilities/36390 Common Vulnerability Exposure (CVE) ID: CVE-2007-3799 http://www.php-security.org/MOPB/PMOPB-46-2007.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://www.redhat.com/support/errata/RHSA-2007-0888.html SuSE Security Announcement: SUSE-SR:2007:015 (Google Search) http://www.novell.com/linux/security/advisories/2007_15_sr.html BugTraq ID: 24268 http://www.securityfocus.com/bid/24268 http://osvdb.org/36855 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9792 http://www.vupen.com/english/advisories/2008/0924/references http://secunia.com/advisories/27351 http://secunia.com/advisories/29420 Common Vulnerability Exposure (CVE) ID: CVE-2007-2872 Bugtraq: 20070601 SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow (Google Search) http://www.securityfocus.com/archive/1/archive/1/470244/100/0/threaded http://www.sec-consult.com/291.html https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html HPdes Security Advisory: HPSBUX02262 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 HPdes Security Advisory: SSRT071447 HPdes Security Advisory: HPSBUX02308 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 HPdes Security Advisory: SSRT080010 HPdes Security Advisory: HPSBUX02332 http://www.securityfocus.com/archive/1/archive/1/491693/100/0/threaded HPdes Security Advisory: SSRT080056 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863 SuSE Security Announcement: SUSE-SA:2007:044 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://www.trustix.org/errata/2007/0023/ BugTraq ID: 24261 http://www.securityfocus.com/bid/24261 http://osvdb.org/36083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9424 http://www.vupen.com/english/advisories/2007/2061 http://www.vupen.com/english/advisories/2007/3386 http://www.vupen.com/english/advisories/2008/0398 http://www.securitytracker.com/id?1018186 http://secunia.com/advisories/25535 http://secunia.com/advisories/25456 http://secunia.com/advisories/26048 http://secunia.com/advisories/26231 http://secunia.com/advisories/27037 http://secunia.com/advisories/27110 http://secunia.com/advisories/28750 http://secunia.com/advisories/30040 XForce ISS Database: php-chunksplit-security-bypass(39398) https://exchange.xforce.ibmcloud.com/vulnerabilities/39398 Common Vulnerability Exposure (CVE) ID: CVE-2007-4660 http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 Common Vulnerability Exposure (CVE) ID: CVE-2007-4661 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.58&r2=1.445.2.14.2.59 Common Vulnerability Exposure (CVE) ID: CVE-2007-1285 Bugtraq: 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/archive/1/466166/100/0/threaded http://www.php-security.org/MOPB/MOPB-03-2007.html http://security.gentoo.org/glsa/glsa-200705-19.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:087 http://www.mandriva.com/security/advisories?name=MDKSA-2007:088 http://www.mandriva.com/security/advisories?name=MDKSA-2007:089 http://www.mandriva.com/security/advisories?name=MDKSA-2007:090 http://www.redhat.com/support/errata/RHSA-2007-0082.html RedHat Security Advisories: RHSA-2007:0154 http://rhn.redhat.com/errata/RHSA-2007-0154.html RedHat Security Advisories: RHSA-2007:0155 http://rhn.redhat.com/errata/RHSA-2007-0155.html RedHat Security Advisories: RHSA-2007:0163 http://rhn.redhat.com/errata/RHSA-2007-0163.html http://www.redhat.com/support/errata/RHSA-2007-0162.html BugTraq ID: 22764 http://www.securityfocus.com/bid/22764 http://www.osvdb.org/32769 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017 http://www.securitytracker.com/id?1017771 http://secunia.com/advisories/24910 http://secunia.com/advisories/24924 http://secunia.com/advisories/24945 http://secunia.com/advisories/24941 http://secunia.com/advisories/24909 http://secunia.com/advisories/25445 Common Vulnerability Exposure (CVE) ID: CVE-2007-4670 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11028 Common Vulnerability Exposure (CVE) ID: CVE-2007-5898 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 http://www.redhat.com/support/errata/RHSA-2008-0505.html http://www.redhat.com/support/errata/RHSA-2008-0544.html http://www.redhat.com/support/errata/RHSA-2008-0545.html http://www.redhat.com/support/errata/RHSA-2008-0546.html http://www.redhat.com/support/errata/RHSA-2008-0582.html http://www.ubuntu.com/usn/usn-628-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10080 http://securitytracker.com/id?1018934 http://secunia.com/advisories/27648 http://secunia.com/advisories/27659 http://secunia.com/advisories/30828 http://secunia.com/advisories/31119 http://secunia.com/advisories/31124 http://secunia.com/advisories/31200 Common Vulnerability Exposure (CVE) ID: CVE-2007-5899 http://osvdb.org/38918 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11211
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com