Test ID:	1.3.6.1.4.1.25623.1.0.703868
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-3868-1)
Summary:	The remote host is missing an update for the Debian 'openldap' package(s) announced via the DSA-3868-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openldap' package(s) announced via the DSA-3868-1 advisory. Vulnerability Insight: Karsten Heymann discovered that the OpenLDAP directory server can be crashed by performing a paged search with a page size of 0, resulting in denial of service. This vulnerability is limited to the MDB storage backend. For the stable distribution (jessie), this problem has been fixed in version 2.4.40+dfsg-1+deb8u3. For the unstable distribution (sid), this problem has been fixed in version 2.4.44+dfsg-5. We recommend that you upgrade your openldap packages. Affected Software/OS: 'openldap' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-9287 BugTraq ID: 98736 http://www.securityfocus.com/bid/98736 http://www.openldap.org/its/?findid=8655 https://bugs.debian.org/863563 https://kc.mcafee.com/corporate/index?page=content&id=SB10365 Debian Security Information: DSA-3868 (Google Search) http://www.debian.org/security/2017/dsa-3868 https://www.oracle.com/security-alerts/cpuapr2022.html RedHat Security Advisories: RHSA-2017:1852 https://access.redhat.com/errata/RHSA-2017:1852 http://www.securitytracker.com/id/1038591
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.