Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 068-1 (openldap)

Information

Severity

Severity

Medium

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

16 years ago

Modified

Modified

6 years ago

Share

Summary

The remote host is missing an update to openldap announced via advisory DSA 068-1.

Insight

Insight

CERT released their advisory CA-2001-18 which lists a number of vulnerabilities in various LDAP implementations. based on the results of the PROTOS LDAPv3 test suite. These tests found one problem in OpenLDAP, a free LDAP implementation that is shipped as part of Debian GNU/Linux 2.2. The problem is that slapd did not handle packets with an invalid BER length of length fields and would crash if it received those. An attacked can use this to mount a denial of service attack remotely. This problem has been fixed in version 1.2.11-1, and we recommend that you upgrade your slapd package immediately.

Solution

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20068-1

Common Vulnerabilities and Exposures (CVE)