Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:121: nss_ldap Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the nss_ldap package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:121 (nss_ldap).
Rob Holland, of the Gentoo Security Audit Team, discovered that pam_ldap and
nss_ldap would not use TLS for referred connections if they are referred to a
master after connecting to a slave, regardless of the 'ssl start_tls' setting
As well, a bug in nss_ldap in Corporate Server and Mandrake 10.0 has been fixed
that caused crond, and other applications, to crash as a result of clients
receiving a SIGPIPE signal when attempting to issue a new search request to a
directory server that is no longer available.
The updated packages have been patched to address this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:121
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.