CentOS Update For Compat-openldap CESA-2008:0110 Centos4 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.

Affected

compat-openldap on CentOS 4

References

http://lists.centos.org/pipermail/centos-announce/2008-February/014689.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-6698, CVE-2008-0658
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:0402 (openswan)
CentOS Security Advisory CESA-2009:0020 (bind)
CentOS Security Advisory CESA-2009:1648 (ntp)
CentOS Security Advisory CESA-2009:1528 (samba)
CentOS Security Advisory CESA-2009:1522 (kernel)

CentOS Update for compat-openldap CESA-2008:0110 centos4 i386

Take action and discover your vulnerabilities