Mandrake Linux Security Advisory : openldap (MDKSA-2006:208)

medium Nessus Plugin ID 24593


The remote Mandrake Linux host is missing one or more security updates.


An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap.

Packages have been patched to correct this issue.


Update the affected packages.

Plugin Details

Severity: Medium

ID: 24593

File Name: mandrake_MDKSA-2006-208.nasl

Version: 1.18

Type: local

Published: 2/18/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 4.4


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64ldap2.3_0, p-cpe:/a:mandriva:linux:lib64ldap2.3_0-devel, p-cpe:/a:mandriva:linux:lib64ldap2.3_0-static-devel, p-cpe:/a:mandriva:linux:libldap2.3_0, p-cpe:/a:mandriva:linux:libldap2.3_0-devel, p-cpe:/a:mandriva:linux:libldap2.3_0-static-devel, p-cpe:/a:mandriva:linux:openldap, p-cpe:/a:mandriva:linux:openldap-clients, p-cpe:/a:mandriva:linux:openldap-doc, p-cpe:/a:mandriva:linux:openldap-servers, cpe:/o:mandriva:linux:2006, cpe:/o:mandriva:linux:2007

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/14/2006

Reference Information

CVE: CVE-2006-5779

BID: 20939

MDKSA: 2006:208