OracleVM 3.3 : openldap (OVMSA-2015-0123)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- CVE-2015-6908 openldap: ber_get_next denial of service
vulnerability (#1263171)

- fix: nslcd segfaults due to incorrect mutex
initialization (#1144294)

- fix: Updating openldap deletes database if slapd.conf is
used (#1193519)

- fix: ppc64: slaptest segfault in openldap-2.4.40
(#1202696)

- fix: bring back accidentally removed patch (#1147983)

- rebase to 2.4.40 (#1147983)

- fix: make /etc/openldap/check_password.conf readable by
ldap (#1155390)

- revert previous patch (#1172296)

- fix: crash in ldap_domain2hostlist when processing SRV
record (#1164369)

- support TLS 1.1 and later (#1160467)

- enhancement: add ppolicy-check-password (#1155390)

- fix: prevent freed memory reuse (#1172296)

- fix: provide a shim libldif.so (#1110382)

- fix: remove correct tmp file when generating server cert
(#1102083)

- remove unapplied patches

- fix: TLS_REQCERT documentation in client manpage
(#1027796)

- review %configure and remove nonexistent options

- add another missing patch forgotten during the rebase

- fix: enable dynamic linking - unresolved symbols in the
smbk5pwd module

- add missing patches that were removed by mistake during
the rebase

- rebase to 2.4.39 (#923680)

+ drop a lot of upstreamed patches, backport the rest

+ compile in mdb

+ remove automatic slapd.conf -> slapd-config conversion

- fix: segfault on certain queries with rwm overlay
(#1003038)

- fix: deadlock during SSL_ForceHandshake (#996373)

+ revert nss-handshake-threadsafe.patch

See also :

http://www.nessus.org/u?06953aae

Solution :

Update the affected openldap / openldap-clients packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 86216

Bugtraq ID:

CVE ID: CVE-2015-6908
