Executive Summary
Summary | |
---|---|
Title | OpenLDAP vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-551-1 | First vendor Publication | 2007-12-04 |
Vendor | Ubuntu | Last vendor Modification | 2007-12-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10.

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: Ubuntu 7.04: Ubuntu 7.10:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Thomas Sesselmann discovered that the OpenLDAP slapd server did not properly handle certain modify requests. A remote attacker could send malicious modify requests to the server and cause a denial of service. (CVE-2007-5707)

Toby Blake discovered that slapd did not properly terminate an array while running as a proxy-caching server. A remote attacker may be able to send crafted search requests to the server and cause a denial of service. This issue only affects Ubuntu 7.04 and 7.10. (CVE-2007-5708)
Original Source
Url : http://www.ubuntu.com/usn/USN-551-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10183 | |||
Oval ID: | oval:org.mitre.oval:def:10183 | ||
Title: | OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent. | ||
Description: | OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5707 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:17649 | |||
Oval ID: | oval:org.mitre.oval:def:17649 | ||
Title: | USN-551-1 -- openldap vulnerabilities | ||
Description: | Thomas Sesselmann discovered that the OpenLDAP slapd server did not properly handle certain modify requests. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-551-1 CVE-2007-5707 CVE-2007-5708 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | openldap2.2 openldap2.3 |
Definition Id: oval:org.mitre.oval:def:21706 | |||
Oval ID: | oval:org.mitre.oval:def:21706 | ||
Title: | ELSA-2007:1037: openldap security and enhancement update (Important) | ||
Description: | OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:1037-01 CVE-2007-5707 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | openldap |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2009-04-09 | Name : Mandriva Update for openldap MDKSA-2007:215 (openldap) File : nvt/gb_mandriva_MDKSA_2007_215.nasl |
2009-04-09 | Name : Mandriva Update for openldap MDVSA-2008:058 (openldap) File : nvt/gb_mandriva_MDVSA_2008_058.nasl |
2009-03-23 | Name : Ubuntu Update for openldap vulnerabilities USN-551-1 File : nvt/gb_ubuntu_USN_551_1.nasl |
2009-02-27 | Name : Fedora Update for openldap FEDORA-2007-2796 File : nvt/gb_fedora_2007_2796_openldap_fc8.nasl |
2009-02-27 | Name : Fedora Update for openldap FEDORA-2007-3124 File : nvt/gb_fedora_2007_3124_openldap_fc7.nasl |
2009-02-27 | Name : Fedora Update for openldap FEDORA-2007-741 File : nvt/gb_fedora_2007_741_openldap_fc6.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-28 (openldap) File : nvt/glsa_200803_28.nasl |
2008-09-04 | Name : FreeBSD Ports: openldap-server File : nvt/freebsd_openldap-server0.nasl |
2008-04-21 | Name : Debian Security Advisory DSA 1541-1 (openldap2.3) File : nvt/deb_1541_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38485 | OpenLDAP slapd slapo-pcache Unspecified Remote DoS |
38484 | OpenLDAP slapd Crafted LDAP Request Remote DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1038.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071115_openldap_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071108_openldap_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-058.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1541.nasl - Type : ACT_GATHER_INFO |
2008-03-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-28.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openldap2-4679.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-551-1.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote openSUSE host is missing a security update. File : suse_openldap2-4677.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3124.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1038.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-741.nasl - Type : ACT_GATHER_INFO |
2007-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2796.nasl - Type : ACT_GATHER_INFO |
2007-11-09 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-215.nasl - Type : ACT_GATHER_INFO |
2007-11-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1037.nasl - Type : ACT_GATHER_INFO |
2007-11-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_db449245870d11dca3ec001921ab2fa4.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:04:49 |
|