Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2005:121: nss_ldap Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the nss_ldap package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2005:121 (nss_ldap).

Rob Holland, of the Gentoo Security Audit Team, discovered that pam_ldap and
nss_ldap would not use TLS for referred connections if they are referred to a
master after connecting to a slave, regardless of the 'ssl start_tls' setting
in ldap.conf.

As well, a bug in nss_ldap in Corporate Server and Mandrake 10.0 has been fixed
that caused crond, and other applications, to crash as a result of clients
receiving a SIGPIPE signal when attempting to issue a new search request to a
directory server that is no longer available.

The updated packages have been patched to address this issue.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.