Executive Summary

Informations
Name MDVSA-2012:130 First vendor Publication 2012-08-11
Vendor Mandriva Last vendor Modification 2012-08-11
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Cvss Base Score 2.6 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability was found and corrected in openldap:

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned (CVE-2012-1164).

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:130

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21504
 
Oval ID: oval:org.mitre.oval:def:21504
Title: RHSA-2012:0899: openldap security and bug fix update (Low)
Description: slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
Family: unix Class: patch
Reference(s): RHSA-2012:0899-04
CESA-2012:0899
CVE-2012-1164
 Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
 Product(s): openldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23631
 
Oval ID: oval:org.mitre.oval:def:23631
Title: ELSA-2012:0899: openldap security and bug fix update (Low)
Description: slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
Family: unix Class: patch
Reference(s): ELSA-2012:0899-04
CVE-2012-1164
 Version: 6
Platform(s): Oracle Linux 6
 Product(s): openldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27559
 
Oval ID: oval:org.mitre.oval:def:27559
Title: DEPRECATED: ELSA-2012-0899 -- openldap security and bug fix update (low)
Description: [2.4.23-26] - fix: MozNSS CA cert dir does not work together with PEM CA cert file (#818844) - fix: memory leak: def_urlpre is not freed (#816168) - fix update: Default SSL certificate bundle is not found by openldap library (#742023) [2.4.23-25] - fix update: Default SSL certificate bundle is not found by openldap library (#742023) [2.4.23-24] - fix update: Default SSL certificate bundle is not found by openldap library (#742023) - fix: memberof overlay on the frontend database causes server segfault (#730745) [2.4.23-23] - security fix: CVE-2012-1164: assertion failure by processing search queries requesting only attributes for particular entry (#813162) [2.4.23-22] - fix: libraries leak memory when following referrals (#807363) [2.4.23-21] - fix: ldapsearch crashes with invalid parameters (#743781) - fix: replication (syncrepl) with TLS causes segfault (#783445) - fix: openldap server in MirrorMode sometimes fails to resync via syncrepl (#784211) - use portreserve to reserve LDAPS port (636/tcp+udp) (#790687) - fix: missing options in manual pages of client tools (#745470) - fix: SASL_NOCANON option missing in ldap.conf manual page (#732916) - fix: slapd segfaults when certificate key cannot be loaded (#796808) - Jan Synacek <jsynacek@redhat.com> + fix: overlay constraint with count option work bad with modify operation (#742163) + fix: Default SSL certificate bundle is not found by openldap library (#742023) + fix: Duplicate close() calls in OpenLDAP (#784203)
Family: unix Class: patch
Reference(s): ELSA-2012-0899
CVE-2012-1164
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): openldap
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 190

OpenVAS Exploits

Date Description
2012-08-14 Name : Mandriva Update for openldap MDVSA-2012:130 (openldap)
File : nvt/gb_mandriva_MDVSA_2012_130.nasl
2012-07-30 Name : CentOS Update for openldap CESA-2012:0899 centos6
File : nvt/gb_CESA-2012_0899_openldap_centos6.nasl
2012-07-19 Name : Fedora Update for openldap FEDORA-2012-10023
File : nvt/gb_fedora_2012_10023_openldap_fc16.nasl
2012-06-22 Name : RedHat Update for openldap RHSA-2012:0899-04
File : nvt/gb_RHSA-2012_0899-04_openldap.nasl

Nessus® Vulnerability Scanner

Date Description
2015-05-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2622-1.nasl - Type : ACT_GATHER_INFO
2015-04-20 Name : The remote Debian host is missing a security update.
File : debian_DLA-203.nasl - Type : ACT_GATHER_INFO
2014-07-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-36.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-101.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0899.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-130.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120620_openldap_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-18 Name : The remote Fedora host is missing a security update.
File : fedora_2012-10023.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0899.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0899.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:43:05
  • Multiple Updates