Mandriva Linux Security Advisory : cherokee (MDVSA-2015:225)

Medium Nessus Plugin ID 83249

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated cherokee packages fix security vulnerability :

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password (CVE-2014-4668).

Solution

Update the affected packages.

Mandriva Linux Security Advisory : cherokee (MDVSA-2015:225)

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

Vulnerability Information

Reference Information