Detections
Analytics
Mandriva Linux Security Advisory : openldap (MDVSA-2008:058)
high Nessus Plugin ID 37371
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service (CVE-2007-5708).Two vulnerabilities were found in how slapd handled modify (prior to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658) operations could cause slapd to crash.
The updated packages have been patched to correct these issues.
Solution
Update the affected packages.Plugin Details
Severity: High
ID: 37371
File Name: mandriva_MDVSA-2008-058.nasl
Version: 1.14
Type: local
Family: Mandriva Local Security Checks
Published: 4/23/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: High
Base Score: 7.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:lib64ldap2.3_0, p-cpe:/a:mandriva:linux:lib64ldap2.3_0-devel, p-cpe:/a:mandriva:linux:lib64ldap2.3_0-static-devel, p-cpe:/a:mandriva:linux:libldap2.3_0, p-cpe:/a:mandriva:linux:libldap2.3_0-devel, p-cpe:/a:mandriva:linux:libldap2.3_0-static-devel, p-cpe:/a:mandriva:linux:openldap, p-cpe:/a:mandriva:linux:openldap-clients, p-cpe:/a:mandriva:linux:openldap-doc, p-cpe:/a:mandriva:linux:openldap-servers, p-cpe:/a:mandriva:linux:openldap-testprogs, p-cpe:/a:mandriva:linux:openldap-tests, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1, cpe:/o:mandriva:linux:2008.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 3/5/2008
Reference Information
CVE: CVE-2007-5708, CVE-2007-6698, CVE-2008-0658
CWE: 399
MDVSA: 2008:058