OracleVM 3.3 : openldap (OVMSA-2015-0123)

Medium Nessus Plugin ID 86216


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

- CVE-2015-6908 openldap: ber_get_next denial of service vulnerability (#1263171)

- fix: nslcd segfaults due to incorrect mutex initialization (#1144294)

- fix: Updating openldap deletes database if slapd.conf is used (#1193519)

- fix: ppc64: slaptest segfault in openldap-2.4.40 (#1202696)

- fix: bring back accidentally removed patch (#1147983)

- rebase to 2.4.40 (#1147983)

- fix: make /etc/openldap/check_password.conf readable by ldap (#1155390)

- revert previous patch (#1172296)

- fix: crash in ldap_domain2hostlist when processing SRV record (#1164369)

- support TLS 1.1 and later (#1160467)

- enhancement: add ppolicy-check-password (#1155390)

- fix: prevent freed memory reuse (#1172296)

- fix: provide a shim (#1110382)

- fix: remove correct tmp file when generating server cert (#1102083)

- remove unapplied patches

- fix: TLS_REQCERT documentation in client manpage (#1027796)

- review %configure and remove nonexistent options

- add another missing patch forgotten during the rebase

- fix: enable dynamic linking - unresolved symbols in the smbk5pwd module

- add missing patches that were removed by mistake during the rebase

- rebase to 2.4.39 (#923680)

+ drop a lot of upstreamed patches, backport the rest

+ compile in mdb

+ remove automatic slapd.conf -> slapd-config conversion

- fix: segfault on certain queries with rwm overlay (#1003038)

- fix: deadlock during SSL_ForceHandshake (#996373)

+ revert nss-handshake-threadsafe.patch


Update the affected openldap / openldap-clients packages.

Plugin Details

Severity: Medium

ID: 86216

File Name: oraclevm_OVMSA-2015-0123.nasl

Version: 2.4

Type: local

Published: 2015/10/01

Updated: 2019/09/27

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:openldap, p-cpe:/a:oracle:vm:openldap-clients, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/09/30

Vulnerability Publication Date: 2015/09/11

Reference Information

CVE: CVE-2015-6908