Test ID:	1.3.6.1.4.1.25623.1.0.840291
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-584-1)
Summary:	The remote host is missing an update for the 'openldap2.2, openldap2.3' package(s) announced via the USN-584-1 advisory.
Description:	Summary: The remote host is missing an update for the 'openldap2.2, openldap2.3' package(s) announced via the USN-584-1 advisory. Vulnerability Insight: Jonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and specifying the NOOP control. An authenticated user with modify permissions could send a crafted modify request and cause a denial of service via application crash. Ubuntu 7.10 is not affected by this issue. (CVE-2007-6698) Ralf Haferkamp discovered that the OpenLDAP slapd server did not properly handle modrdn requests when using the Berkeley DB backend and specifying the NOOP control. An authenticated user with modrdn permissions could send a crafted modrdn request and possibly cause a denial of service via application crash. (CVE-2007-6698) Affected Software/OS: 'openldap2.2, openldap2.3' package(s) on Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6698 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 26245 http://www.securityfocus.com/bid/26245 Bugtraq: 20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers (Google Search) http://www.securityfocus.com/archive/1/488242/100/200/threaded Debian Security Information: DSA-1541 (Google Search) http://www.debian.org/security/2008/dsa-1541 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00105.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:058 http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html http://www.openldap.org/lists/openldap-bugs/200704/msg00068.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10748 http://www.redhat.com/support/errata/RHSA-2008-0110.html http://www.securitytracker.com/id?1019480 http://secunia.com/advisories/28817 http://secunia.com/advisories/28953 http://secunia.com/advisories/29068 http://secunia.com/advisories/29225 http://secunia.com/advisories/29256 http://secunia.com/advisories/29682 http://secunia.com/advisories/29957 SuSE Security Announcement: SUSE-SR:2008:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://www.ubuntu.com/usn/usn-584-1 http://www.vupen.com/english/advisories/2009/3184 Common Vulnerability Exposure (CVE) ID: CVE-2008-0658 1019481 http://www.securitytracker.com/id?1019481 20080212 rPSA-2008-0059-1 openldap openldap-clients openldap-servers 27778 http://www.securityfocus.com/bid/27778 28914 http://secunia.com/advisories/28914 28926 http://secunia.com/advisories/28926 28953 29068 29225 29256 29461 http://secunia.com/advisories/29461 29682 29957 ADV-2008-0536 http://www.vupen.com/english/advisories/2008/0536/references ADV-2009-3184 APPLE-SA-2009-11-09-1 DSA-1541 GLSA-200803-28 http://security.gentoo.org/glsa/glsa-200803-28.xml MDVSA-2008:058 RHSA-2008:0110 SUSE-SR:2008:010 USN-584-1 http://support.apple.com/kb/HT3937 http://wiki.rpath.com/Advisories:rPSA-2008-0059 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0059 http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198&f=h http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 openldap-modrdn-dos(40479) https://exchange.xforce.ibmcloud.com/vulnerabilities/40479 oval:org.mitre.oval:def:9470 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9470
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.