This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
A vulnerability was discovered and corrected in openldap :
libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not
properly handle a '�' (NUL) character in a domain name in the
subject's Common Name (CN) field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a
crafted certificate issued by a legitimate Certification Authority, a
related issue to CVE-2009-2408 (CVE-2009-3767).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
The updated packages have been patched to correct this issue.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true