Executive Summary
Summary | |
---|---|
Title | OpenLDAP vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-2742-1 | First vendor Publication | 2015-09-16 |
Vendor | Ubuntu | Last vendor Modification | 2015-09-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in OpenLDAP. Software Description: - openldap: OpenLDAP utilities Details: Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER data. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2015-6908) Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped with a potentially unsafe default access control configuration. Depending on how the database is configure, this may allow users to impersonate others by modifying attributes such as their Unix user and group numbers. (CVE-2014-9713) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: Ubuntu 14.04 LTS: Ubuntu 12.04 LTS: In general, a standard system update will make all the necessary changes. For existing installations, access rules that begin with "to *" need to be manually adjusted to remove any instances of "by self write". References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-2742-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2017-02-23 | OpenLDAP BER Message denial of service attempt RuleID : 41382 - Revision : 2 - Type : SERVER-OTHER |
2017-02-23 | OpenLDAP BER Message denial of service attempt RuleID : 41381 - Revision : 2 - Type : SERVER-OTHER |
2017-02-23 | OpenLDAP BER Message denial of service attempt RuleID : 41380 - Revision : 2 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-06-22 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0069.nasl - Type : ACT_GATHER_INFO |
2016-02-03 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-104.nasl - Type : ACT_GATHER_INFO |
2016-02-03 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-102.nasl - Type : ACT_GATHER_INFO |
2016-01-26 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0224-1.nasl - Type : ACT_GATHER_INFO |
2016-01-26 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-92.nasl - Type : ACT_GATHER_INFO |
2016-01-14 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0090-1.nasl - Type : ACT_GATHER_INFO |
2015-12-11 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-008.nasl - Type : ACT_GATHER_INFO |
2015-12-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_11_2.nasl - Type : ACT_GATHER_INFO |
2015-10-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1840.nasl - Type : ACT_GATHER_INFO |
2015-10-13 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-599.nasl - Type : ACT_GATHER_INFO |
2015-10-01 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0123.nasl - Type : ACT_GATHER_INFO |
2015-09-30 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150929_openldap_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2015-09-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1840.nasl - Type : ACT_GATHER_INFO |
2015-09-30 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1840.nasl - Type : ACT_GATHER_INFO |
2015-09-17 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2742-1.nasl - Type : ACT_GATHER_INFO |
2015-09-15 | Name : The remote Debian host is missing a security update. File : debian_DLA-309.nasl - Type : ACT_GATHER_INFO |
2015-09-14 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4910d16158a411e59ad814dae9d210b8.nasl - Type : ACT_GATHER_INFO |
2015-09-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3356.nasl - Type : ACT_GATHER_INFO |
2015-04-20 | Name : The remote Debian host is missing a security update. File : debian_DLA-203.nasl - Type : ACT_GATHER_INFO |
2015-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3209.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-09-18 13:23:35 |
|
2015-09-16 21:22:02 |
|