Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title OpenLDAP vulnerabilities
Informations
Name USN-2622-1 First vendor Publication 2015-05-26
Vendor Ubuntu Last vendor Modification 2015-05-26
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS

Summary:

OpenLDAP could be made to crash if it received specially crafted network traffic.

Software Description: - openldap: OpenLDAP utilities

Details:

It was discovered that OpenLDAP incorrectly handled certain search queries that returned empty attributes. A remote attacker could use this issue to cause OpenLDAP to assert, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1164)

Michael Vishchers discovered that OpenLDAP improperly counted references when the rwm overlay was used. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2013-4449)

It was discovered that OpenLDAP incorrectly handled certain empty attribute lists in search requests. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2015-1545)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04:
slapd 2.4.31-1+nmu2ubuntu12.1

Ubuntu 14.10:
slapd 2.4.31-1+nmu2ubuntu11.1

Ubuntu 14.04 LTS:
slapd 2.4.31-1+nmu2ubuntu8.1

Ubuntu 12.04 LTS:
slapd 2.4.28-1.1ubuntu4.5

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2622-1
CVE-2012-1164, CVE-2013-4449, CVE-2015-1545

Package Information:
https://launchpad.net/ubuntu/+source/openldap/2.4.31-1+nmu2ubuntu12.1
https://launchpad.net/ubuntu/+source/openldap/2.4.31-1+nmu2ubuntu11.1
https://launchpad.net/ubuntu/+source/openldap/2.4.31-1+nmu2ubuntu8.1
https://launchpad.net/ubuntu/+source/openldap/2.4.28-1.1ubuntu4.5

Original Source

Url : http://www.ubuntu.com/usn/USN-2622-1

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-189 Numeric Errors (CWE/SANS Top 25)
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21504
 
Oval ID: oval:org.mitre.oval:def:21504
Title: RHSA-2012:0899: openldap security and bug fix update (Low)
Description: slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
Family: unix Class: patch
Reference(s): RHSA-2012:0899-04
CESA-2012:0899
CVE-2012-1164
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): openldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22531
 
Oval ID: oval:org.mitre.oval:def:22531
Title: RHSA-2014:0126: openldap security and bug fix update (Moderate)
Description: The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
Family: unix Class: patch
Reference(s): RHSA-2014:0126-00
CESA-2014:0126
CVE-2013-4449
Version: 8
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): openldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23631
 
Oval ID: oval:org.mitre.oval:def:23631
Title: ELSA-2012:0899: openldap security and bug fix update (Low)
Description: slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
Family: unix Class: patch
Reference(s): ELSA-2012:0899-04
CVE-2012-1164
Version: 6
Platform(s): Oracle Linux 6
Product(s): openldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23794
 
Oval ID: oval:org.mitre.oval:def:23794
Title: ELSA-2014:0126: openldap security and bug fix update (Moderate)
Description: The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
Family: unix Class: patch
Reference(s): ELSA-2014:0126-00
CVE-2013-4449
Version: 6
Platform(s): Oracle Linux 6
Product(s): openldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24289
 
Oval ID: oval:org.mitre.oval:def:24289
Title: ELSA-2014:0206: openldap security update (Moderate)
Description: OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449) Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue. All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Family: unix Class: patch
Reference(s): ELSA-2014:0206-00
CVE-2013-4449
Version: 5
Platform(s): Oracle Linux 5
Product(s): openldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24327
 
Oval ID: oval:org.mitre.oval:def:24327
Title: RHSA-2014:0206: openldap security update (Moderate)
Description: The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
Family: unix Class: patch
Reference(s): RHSA-2014:0206-00
CESA-2014:0206
CVE-2013-4449
Version: 7
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27309
 
Oval ID: oval:org.mitre.oval:def:27309
Title: DEPRECATED: ELSA-2014-0126 -- openldap security and bug fix update (moderate)
Description: [2.4.23-34.1] - fix: segfault on certain queries with rwm overlay (#1058250) [2.4.23-34] - fix: deadlock during SSL_ForceHandshake (#996373) + revert nss-handshake-threadsafe.patch
Family: unix Class: patch
Reference(s): ELSA-2014-0126
CVE-2013-4449
Version: 4
Platform(s): Oracle Linux 6
Product(s): openldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27346
 
Oval ID: oval:org.mitre.oval:def:27346
Title: DEPRECATED: ELSA-2014-0206 -- openldap security update (moderate)
Description: [2.3.43-27] - fix: CVE-2013-4449 segfault on certain queries with rwm overlay (#1064145) [2.3.43-26] - fix: do not send IPv6 DNS queries when IPv6 is disabled on the host (#812772)
Family: unix Class: patch
Reference(s): ELSA-2014-0206
CVE-2013-4449
Version: 4
Platform(s): Oracle Linux 5
Product(s): openldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27559
 
Oval ID: oval:org.mitre.oval:def:27559
Title: DEPRECATED: ELSA-2012-0899 -- openldap security and bug fix update (low)
Description: [2.4.23-26] - fix: MozNSS CA cert dir does not work together with PEM CA cert file (#818844) - fix: memory leak: def_urlpre is not freed (#816168) - fix update: Default SSL certificate bundle is not found by openldap library (#742023) [2.4.23-25] - fix update: Default SSL certificate bundle is not found by openldap library (#742023) [2.4.23-24] - fix update: Default SSL certificate bundle is not found by openldap library (#742023) - fix: memberof overlay on the frontend database causes server segfault (#730745) [2.4.23-23] - security fix: CVE-2012-1164: assertion failure by processing search queries requesting only attributes for particular entry (#813162) [2.4.23-22] - fix: libraries leak memory when following referrals (#807363) [2.4.23-21] - fix: ldapsearch crashes with invalid parameters (#743781) - fix: replication (syncrepl) with TLS causes segfault (#783445) - fix: openldap server in MirrorMode sometimes fails to resync via syncrepl (#784211) - use portreserve to reserve LDAPS port (636/tcp+udp) (#790687) - fix: missing options in manual pages of client tools (#745470) - fix: SASL_NOCANON option missing in ldap.conf manual page (#732916) - fix: slapd segfaults when certificate key cannot be loaded (#796808) - Jan Synacek <jsynacek@redhat.com> + fix: overlay constraint with count option work bad with modify operation (#742163) + fix: Default SSL certificate bundle is not found by openldap library (#742023) + fix: Duplicate close() calls in OpenLDAP (#784203)
Family: unix Class: patch
Reference(s): ELSA-2012-0899
CVE-2012-1164
Version: 4
Platform(s): Oracle Linux 6
Product(s): openldap
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 201
Os 2

OpenVAS Exploits

Date Description
2012-08-14 Name : Mandriva Update for openldap MDVSA-2012:130 (openldap)
File : nvt/gb_mandriva_MDVSA_2012_130.nasl
2012-07-30 Name : CentOS Update for openldap CESA-2012:0899 centos6
File : nvt/gb_CESA-2012_0899_openldap_centos6.nasl
2012-07-19 Name : Fedora Update for openldap FEDORA-2012-10023
File : nvt/gb_fedora_2012_10023_openldap_fc16.nasl
2012-06-22 Name : RedHat Update for openldap RHSA-2012:0899-04
File : nvt/gb_RHSA-2012_0899-04_openldap.nasl

Snort® IPS/IDS

Date Description
2016-12-13 OpenLDAP deref control denial of service attempt
RuleID : 40760 - Revision : 2 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-06-22 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0069.nasl - Type : ACT_GATHER_INFO
2015-08-03 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-526.nasl - Type : ACT_GATHER_INFO
2015-06-18 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1077-1.nasl - Type : ACT_GATHER_INFO
2015-05-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2622-1.nasl - Type : ACT_GATHER_INFO
2015-05-18 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_openldap2-20150423-150413.nasl - Type : ACT_GATHER_INFO
2015-04-20 Name : The remote Debian host is missing a security update.
File : debian_DLA-203.nasl - Type : ACT_GATHER_INFO
2015-04-14 Name : The remote Fedora host is missing a security update.
File : fedora_2015-2055.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-03-31 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3209.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-074.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-073.nasl - Type : ACT_GATHER_INFO
2014-07-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-36.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote Fedora host is missing a security update.
File : fedora_2014-2967.nasl - Type : ACT_GATHER_INFO
2014-03-02 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-294.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140224_openldap_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0206.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0206.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0206.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-026.nasl - Type : ACT_GATHER_INFO
2014-02-12 Name : The remote Fedora host is missing a security update.
File : fedora_2014-2012.nasl - Type : ACT_GATHER_INFO
2014-02-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140203_openldap_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0126.nasl - Type : ACT_GATHER_INFO
2014-02-04 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0126.nasl - Type : ACT_GATHER_INFO
2014-02-04 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0126.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-101.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0899.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-130.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120620_openldap_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-18 Name : The remote Fedora host is missing a security update.
File : fedora_2012-10023.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0899.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0899.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2015-05-28 13:28:01
  • Multiple Updates
2015-05-26 21:25:18
  • First insertion