NASLDB: RHSA-2007-1037: compat-openldap
General
ID: 27853
Name: RHSA-2007-1037: compat-openldap
Summary: Check for the version of the compat-openldap packages
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS Temporal Vector: –
Port: 0
Family: Red Hat Local Security Checks
Type: Local
Description
Updated openldap packages that fix a security flaw are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.
A flaw was found in the way OpenLDAP's slapd daemon handled malformed
objectClasses LDAP attributes. A local or remote attacker could create an
LDAP request which could cause a denial of service by crashing slapd.
(CVE-2007-5707)
In addition, the following feature was added:
* OpenLDAP client tools now have a new option to configure their bind timeout.
All users are advised to upgrade to these updated openldap packages, which
contain a backported patch to correct this issue and provide this security
enhancement.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2007-5707
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2007/11/09
Plugin
Version: 1.10
Filename: redhat-RHSA-2007-1037.nasl
Filesize: 3078 bytes
MD5 Hash: 23227ecbcaa52bd6ea1eb2cdee400294
Identification: Host/RedHat/rpm-list
Require Keys: Host/RedHat/rpm-list
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright© 2007-2011 Tenable Network Security, Inc.













