Mandriva Linux Security Advisory : openldap (MDVSA-2010:026)

NASLDB: Mandriva Linux Security Advisory : openldap (MDVSA-2010:026)

General

ID: 44321
Name: Mandriva Linux Security Advisory : openldap (MDVSA-2010:026)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –

Port: 0
Family: Mandriva Local Security Checks
Type: Local

Description

A vulnerability was discovered and corrected in openldap :

libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not
properly handle a ‘’ (NUL) character in a domain name in the
subject’s Common Name (CN) field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a
crafted certificate issued by a legitimate Certification Authority, a
related issue to CVE-2009-2408 (CVE-2009-3767).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2009-3767
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2010/01/26
Plugin Release: 2010/01/27

Plugin

Version: 1.10
Filename: mandriva_MDVSA-2010-026.nasl
Filesize: 7293 bytes
MD5 Hash: 03dcae71099dec87839cff75d4318027

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG