Test ID:	1.3.6.1.4.1.25623.1.0.60787
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1541-1)
Summary:	The remote host is missing an update for the Debian 'openldap2.3' package(s) announced via the DSA-1541-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openldap2.3' package(s) announced via the DSA-1541-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5707 Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requests. CVE-2007-5708 Toby Blade discovered that incorrect memory handling in slapo-pcache could lead to denial of service through crafted search requests. CVE-2007-6698 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modify requests. CVE-2008-0658 It was discovered that a programming error in the interface to the BDB storage backend could lead to denial of service through crafted modrdn requests. For the stable distribution (etch), these problems have been fixed in version 2.3.30-5+etch1. For the unstable distribution (sid), these problems have been fixed in version 2.4.7-6.1. We recommend that you upgrade your openldap2.3 packages. Affected Software/OS: 'openldap2.3' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5707 1018924 http://www.securitytracker.com/id?1018924 26245 http://www.securityfocus.com/bid/26245 27424 http://secunia.com/advisories/27424 27587 http://secunia.com/advisories/27587 27596 http://secunia.com/advisories/27596 27683 http://secunia.com/advisories/27683 27756 http://secunia.com/advisories/27756 27868 http://secunia.com/advisories/27868 29461 http://secunia.com/advisories/29461 29682 http://secunia.com/advisories/29682 ADV-2007-3645 http://www.vupen.com/english/advisories/2007/3645 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1541 http://www.debian.org/security/2008/dsa-1541 FEDORA-2007-741 http://www.redhat.com/archives/fedora-package-announce/2007-November/msg00460.html GLSA-200803-28 http://security.gentoo.org/glsa/glsa-200803-28.xml MDKSA-2007:215 http://www.mandriva.com/security/advisories?name=MDKSA-2007:215 RHSA-2007:1037 http://www.redhat.com/support/errata/RHSA-2007-1037.html RHSA-2007:1038 http://www.redhat.com/support/errata/RHSA-2007-1038.html SUSE-SR:2007:024 http://www.novell.com/linux/security/advisories/2007_24_sr.html USN-551-1 http://www.ubuntu.com/usn/usn-551-1 [openldap-announce] 20071026 OpenLDAP 2.3.39 available http://www.openldap.org/lists/openldap-announce/200710/msg00001.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632 http://support.apple.com/kb/HT3937 http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5119 oval:org.mitre.oval:def:10183 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10183 Common Vulnerability Exposure (CVE) ID: CVE-2007-5708 29225 http://secunia.com/advisories/29225 MDVSA-2008:058 http://www.mandriva.com/security/advisories?name=MDVSA-2008:058 http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5163 Common Vulnerability Exposure (CVE) ID: CVE-2007-6698 BugTraq ID: 26245 Bugtraq: 20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers (Google Search) http://www.securityfocus.com/archive/1/488242/100/200/threaded Debian Security Information: DSA-1541 (Google Search) https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748 http://www.redhat.com/support/errata/RHSA-2008-0110.html http://www.securitytracker.com/id?1019480 http://secunia.com/advisories/28817 http://secunia.com/advisories/28953 http://secunia.com/advisories/29068 http://secunia.com/advisories/29256 http://secunia.com/advisories/29957 SuSE Security Announcement: SUSE-SR:2008:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://www.ubuntu.com/usn/usn-584-1 Common Vulnerability Exposure (CVE) ID: CVE-2008-0658 1019481 http://www.securitytracker.com/id?1019481 20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers 27778 http://www.securityfocus.com/bid/27778 28914 http://secunia.com/advisories/28914 28926 http://secunia.com/advisories/28926 28953 29068 29256 29957 ADV-2008-0536 http://www.vupen.com/english/advisories/2008/0536/references RHSA-2008:0110 SUSE-SR:2008:010 USN-584-1 http://wiki.rpath.com/Advisories:rPSA-2008-0059 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059 http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198&f=h http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 openldap-modrdn-dos(40479) https://exchange.xforce.ibmcloud.com/vulnerabilities/40479 oval:org.mitre.oval:def:9470 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9470
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.