OracleVM 3.2 : openldap (OVMSA-2016-0069)

Medium Nessus Plugin ID 91749


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

- CVE-2015-6908 openldap: ber_get_next denial of service vulnerability (#1263170)

- fix: syncprov psearch race condition (#999811)

- fix: CVE-2013-4449 segfault on certain queries with rwm overlay (#1064146)

- fix: do not send IPv6 DNS queries when IPv6 is disabled on the host (#812772)

- fix: disable static libraries stripping (#684630)

- fix: memory leaks in syncrepl and slap_sl_free (#741184)

- new feature update: honor priority/weight with ldap_domain2hostlist (#733435)

- fix: initscript marked as %config incorrectly (#738768)

- new feature: honor priority/weight with ldap_domain2hostlist (#733435)

- fix: strict aliasing warnings during package build (#732381)

- fix: OpenLDAP packages lack debug data (#684630)

- doc: Document preferred use of TLS_CACERT instead of TLS_CACERTDIR to specify Certificate Authorities (#699652)

- fix: libldap ignores a directory of CA certificates if any of them can't be read (#609722)

- fix: Migration: can't handle duplicate entries (#563148)

- fix: Init script is working wrong if database recovery is needed (#604092)

- fix: CVE-2011-1024 ppolicy forwarded bind failure messages cause success (#680486)

- fix: slapd concurrent access to connections causes slapd to silently die (#641953)

- backport: ldap_init_fd API function

- fix: ppolicy crash while replace-deleting userPassword attribute (#665951)

- fix: connection freeze when using TLS (#591419)

- don't remove task twice during replication

- fixed segfault issues in modrdn (#606375)

- added patch handling null char in TLS to compat package (#606375, patch backported by Jan Vcelak)


Update the affected openldap / openldap-clients packages.

Plugin Details

Severity: Medium

ID: 91749

File Name: oraclevm_OVMSA-2016-0069.nasl

Version: $Revision: 2.3 $

Type: local

Published: 2016/06/22

Modified: 2017/02/14

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:openldap, p-cpe:/a:oracle:vm:openldap-clients, cpe:/o:oracle:vm_server:3.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/06/21

Reference Information

CVE: CVE-2011-1024, CVE-2013-4449, CVE-2015-6908

BID: 46363, 63190

OSVDB: 72528, 98656, 127342