Mandrake Linux Security Advisory : kolab-server (MDKSA-2004:052)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Luca Villani reported the disclosure of critical configuration
information within Kolab, the KDE Groupware server. The affected
versions store OpenLDAP passwords in plain text. The heart of Kolab is
an engine written in Perl that rewrites configuration for certain
applications based on templates. The build() function in the engine
left slapd.conf world-readable exhibiting the OpenLDAP root password.

See also :

http://www.kolab.org/pipermail/kolab-users/2004-April/000215.html

Solution :

Update the affected kolab-server package.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14151 (mandrake_MDKSA-2004-052.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1997

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now