Debian DLA-2425-1 : openldap security update

high Nessus Plugin ID 142199

Language:

Synopsis

The remote Debian host is missing a security update.

Description

A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet.

For Debian 9 stretch, this problem has been fixed in version 2.4.44+dfsg-5+deb9u5.

We recommend that you upgrade your openldap packages.

For the detailed security status of openldap please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openldap

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

Plugin Details

Severity: High

ID: 142199

File Name: debian_DLA-2425.nasl

Version: 1.1

Type: local

Agent: unix

Family: Debian Local Security Checks

Published: 11/2/2020

Updated: 11/2/2020

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:ldap-utils, p-cpe:/a:debian:debian_linux:libldap-2.4-2, p-cpe:/a:debian:debian_linux:libldap-2.4-2-dbg, p-cpe:/a:debian:debian_linux:libldap-common, p-cpe:/a:debian:debian_linux:libldap2-dev, p-cpe:/a:debian:debian_linux:slapd, p-cpe:/a:debian:debian_linux:slapd-dbg, p-cpe:/a:debian:debian_linux:slapd-smbk5pwd, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 11/1/2020

Vulnerability Publication Date: 11/1/2020

Detections

Analytics