Detections
Analytics

MiracleLinux 4 : openldap-2.4.23-26.AXS4.2 (AXSA:2012-882:03)

high Nessus Plugin ID 284193

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-882:03 advisory.

 OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.
 Security issues fixed with this release:
 CVE-2012-2668 libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
 Fixed bug:
 Previously, on smbk5pwd overlay enabled OpenLDAP servers, if a user changed their password, the Microsoft NT LAN Manager (NTLM) and Microsoft LAN Manager (LM) hashes were not computed correctly, leading to the sambaLMPassword and sambaNTPassword attributes being updated with incorrect values and the user not being able to log in from a Samba or a Windows-based client. This has been fixed: the smbk5pwd overlay is now linked against OpenSSL.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/3424

Plugin Details

Severity: High

ID: 284193

File Name: miracle_linux_AXSA-2012-882.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-2668

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:openldap-servers, p-cpe:/a:miracle:linux:openldap, p-cpe:/a:miracle:linux:openldap-clients, p-cpe:/a:miracle:linux:openldap-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/12/2012

Vulnerability Publication Date: 6/6/2012

Reference Information

CVE: CVE-2012-2668