Amazon Linux AMI : openldap Cipher Vulnerability (ALAS-2012-117)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite
settings. This resulted in the default cipher suite always being used,
which could lead to weaker than expected ciphers being accepted during
Transport Layer Security (TLS) negotiation with OpenLDAP clients.
(CVE-2012-2668)

See also :

http://www.nessus.org/u?67708247

Solution :

Run 'yum update openldap' to update your system.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69607

Bugtraq ID:

CVE ID: CVE-2012-2668