Detections
Analytics

OracleVM 3.3 : openldap (OVMSA-2015-0123)

medium Nessus Plugin ID 86216

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - CVE-2015-6908 openldap: ber_get_next denial of service vulnerability (#1263171)

 - fix: nslcd segfaults due to incorrect mutex initialization (#1144294)

 - fix: Updating openldap deletes database if slapd.conf is used (#1193519)

 - fix: ppc64: slaptest segfault in openldap-2.4.40 (#1202696)

 - fix: bring back accidentaly removed patch (#1147983)

 - rebase to 2.4.40 (#1147983)

 - fix: make /etc/openldap/check_password.conf readable by ldap (#1155390)

 - revert previous patch (#1172296)

 - fix: crash in ldap_domain2hostlist when processing SRV record (#1164369)

 - support TLS 1.1 and later (#1160467)

 - enhancement: add ppolicy-check-password (#1155390)

 - fix: prevent freed memory reuse (#1172296)

 - fix: provide a shim libldif.so (#1110382)

 - fix: remove correct tmp file when generating server cert (#1102083)

 - remove unapplied patches

 - fix: TLS_REQCERT documentation in client manpage (#1027796)

 - review %configure and remove nonexistent options

 - add another missing patch forgotten during the rebase

 - fix: enable dynamic linking - unresolved symbols in the smbk5pwd module

 - add missing patches that were removed by mistake during the rebase

 - rebase to 2.4.39 (#923680)

 + drop a lot of upstreamed patches, backport the rest

 + compile in mdb

 + remove automatic slapd.conf -> slapd-config conversion

 - fix: segfault on certain queries with rwm overlay (#1003038)

 - fix: deadlock during SSL_ForceHandshake (#996373)

 + revert nss-handshake-threadsafe.patch

Solution

Update the affected openldap / openldap-clients packages.

See Also

http://www.nessus.org/u?06953aae

Plugin Details

Severity: Medium

ID: 86216

File Name: oraclevm_OVMSA-2015-0123.nasl

Version: 2.5

Type: local

Published: 10/1/2015

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:openldap, p-cpe:/a:oracle:vm:openldap-clients, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2015

Vulnerability Publication Date: 9/11/2015

Reference Information

CVE: CVE-2015-6908