Test ID:	1.3.6.1.4.1.25623.1.0.60463
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:058 (openldap)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openldap announced via advisory MDVSA-2008:058. A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service (CVE-2007-5708). Two vulnerabilities were found in how slapd handled modify (prior to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658) operations could cause slapd to crash. The updated packages have been patched to correct these issues. Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:058 Risk factor : High CVSS Score: 7.1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5708 26245 http://www.securityfocus.com/bid/26245 27424 http://secunia.com/advisories/27424 27683 http://secunia.com/advisories/27683 27756 http://secunia.com/advisories/27756 27868 http://secunia.com/advisories/27868 29225 http://secunia.com/advisories/29225 29461 http://secunia.com/advisories/29461 29682 http://secunia.com/advisories/29682 ADV-2007-3645 http://www.vupen.com/english/advisories/2007/3645 DSA-1541 http://www.debian.org/security/2008/dsa-1541 FEDORA-2007-741 http://www.redhat.com/archives/fedora-package-announce/2007-November/msg00460.html GLSA-200803-28 http://security.gentoo.org/glsa/glsa-200803-28.xml MDVSA-2008:058 http://www.mandriva.com/security/advisories?name=MDVSA-2008:058 SUSE-SR:2007:024 http://www.novell.com/linux/security/advisories/2007_24_sr.html USN-551-1 http://www.ubuntu.com/usn/usn-551-1 [openldap-announce] 20071026 OpenLDAP 2.3.39 available http://www.openldap.org/lists/openldap-announce/200710/msg00001.html http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5163 Common Vulnerability Exposure (CVE) ID: CVE-2007-6698 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 26245 Bugtraq: 20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers (Google Search) http://www.securityfocus.com/archive/1/488242/100/200/threaded Debian Security Information: DSA-1541 (Google Search) https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748 http://www.redhat.com/support/errata/RHSA-2008-0110.html http://www.securitytracker.com/id?1019480 http://secunia.com/advisories/28817 http://secunia.com/advisories/28953 http://secunia.com/advisories/29068 http://secunia.com/advisories/29256 http://secunia.com/advisories/29957 SuSE Security Announcement: SUSE-SR:2008:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://www.ubuntu.com/usn/usn-584-1 http://www.vupen.com/english/advisories/2009/3184 Common Vulnerability Exposure (CVE) ID: CVE-2008-0658 1019481 http://www.securitytracker.com/id?1019481 20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers 27778 http://www.securityfocus.com/bid/27778 28914 http://secunia.com/advisories/28914 28926 http://secunia.com/advisories/28926 28953 29068 29256 29957 ADV-2008-0536 http://www.vupen.com/english/advisories/2008/0536/references ADV-2009-3184 APPLE-SA-2009-11-09-1 RHSA-2008:0110 SUSE-SR:2008:010 USN-584-1 http://support.apple.com/kb/HT3937 http://wiki.rpath.com/Advisories:rPSA-2008-0059 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059 http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198&f=h http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 openldap-modrdn-dos(40479) https://exchange.xforce.ibmcloud.com/vulnerabilities/40479 oval:org.mitre.oval:def:9470 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9470
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.