|
Family: Ubuntu Local Security Checks --> Category: infos
USN152-1 : openldap2, libpam-ldap, libnss-ldap vulnerabilities Vulnerability Scan
Vulnerability Scan Summary openldap2, libpam-ldap, libnss-ldap vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- ldap-utils
- libldap2
- libldap2-dev
- libnss-ldap
- libpam-ldap
- libslapd2-dev
- slapd
Description :
Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and
libnss-ldap. When a client connected to a slave LDAP server using SSL,
the slave server did not use SSL as well when contacting the LDAP
master server. This caused passwords and other confident information
to be transmitted unencrypted between the slave and the master.
Solution :
Upgrade to :
- ldap-utils-2.1.30-3ubuntu3.1 (Ubuntu 5.04)
- libldap2-2.1.30-3ubuntu3.1 (Ubuntu 5.04)
- libldap2-dev-2.1.30-3ubuntu3.1 (Ubuntu 5.04)
- libnss-ldap-220-1ubuntu0.1 (Ubuntu 5.04)
- libpam-ldap-169-1ubuntu0.1 (Ubuntu 5.04)
- libslapd2-dev-2.1.30-3ubuntu3.1 (Ubuntu 5.04)
- slapd-2.1.30-3ubuntu3.1 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|