NASLDB: Scientific Linux Security Update : openldap on SL6.x i386/x86_64
General
ID: 61455
Name: Scientific Linux Security Update : openldap on SL6.x i386/x86_64
Summary: Checks rpm output for the updated packages
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS Temporal Vector: –
Port: 0
Family: Scientific Linux Local Security Checks
Type: Local
Description
It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite
settings. This resulted in the default cipher suite always being used,
which could lead to weaker than expected ciphers being accepted during
Transport Layer Security (TLS) negotiation with OpenLDAP clients.
(CVE-2012-2668)
This update also fixes the following bug:
– When the smbk5pwd overlay was enabled in an OpenLDAP
server, and a user changed their password, the Microsoft
NT LAN Manager (NTLM) and Microsoft LAN Manager (LM)
hashes were not computed correctly. This led to the
sambaLMPassword and sambaNTPassword attributes being
updated with incorrect values, preventing the user
from logging in using a Windows-based client or a Samba
client.
With this update, the smbk5pwd overlay is linked against OpenSSL. As
such, the NTLM and LM hashes are computed correctly, and password
changes work as expected when using smbk5pwd. (BZ#844428)
After installing this update, the OpenLDAP daemons will be restarted
automatically.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2012-2668
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2012/08/08
Plugin Release: 2012/08/09
Plugin
Version: 1.1
Filename: sl_20120808_openldap_on_SL6_x.nasl
Filesize: 4051 bytes
MD5 Hash: c19abd34d79471ca7b97ab02093747a2
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.













