According to the versions of the compat-openldap package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to an assertion failure in slapd in the saslAuthzTo     validation, resulting in denial of     service.(CVE-2020-36222)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to a slapd crash in the Values Return Filter control     handling, resulting in denial of service (double free     and out-of-bounds read).(CVE-2020-36223)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to an invalid pointer free and slapd crash in the     saslAuthzTo processing, resulting in denial of     service.(CVE-2020-36224)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to a double free and slapd crash in the saslAuthzTo     processing, resulting in denial of     service.(CVE-2020-36225)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to a memch->bv_len miscalculation and slapd crash in     the saslAuthzTo processing, resulting in denial of     service.(CVE-2020-36226)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to an infinite loop in slapd with the cancel_extop     Cancel operation, resulting in denial of     service.(CVE-2020-36227)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

EulerOS 2.0 SP5 : compat-openldap (EulerOS-SA-2021-1916)

high Nessus Plugin ID 149592

Version 1.3