CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
EPSS
Percentile
74.0%
A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024)
This update also fixes the following bug :
After installing this update, the OpenLDAP daemons will be restarted automatically.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(60987);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2011-1024");
script_name(english:"Scientific Linux Security Update : openldap on SL5.x i386/x86_64");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"A flaw was found in the way OpenLDAP handled authentication failures
being passed from an OpenLDAP slave to the master. If OpenLDAP was
configured with a chain overlay and it forwarded authentication
failures, OpenLDAP would bind to the directory as an anonymous user
and return success, rather than return failure on the authenticated
bind. This could allow a user on a system that uses LDAP for
authentication to log into a directory-based account without knowing
the password. (CVE-2011-1024)
This update also fixes the following bug :
- Previously, multiple concurrent connections to an
OpenLDAP server could cause the slapd service to
terminate unexpectedly with an assertion error. This
update adds mutexes to protect multiple threads from
accessing a structure with a connection, and the slapd
service no longer crashes. (BZ#677611)
After installing this update, the OpenLDAP daemons will be restarted
automatically."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=677611"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=8659
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?e13c598e"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2011/03/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL5", reference:"compat-openldap-2.3.43_2.2.29-12.el5_6.7")) flag++;
if (rpm_check(release:"SL5", reference:"openldap-2.3.43-12.el5_6.7")) flag++;
if (rpm_check(release:"SL5", reference:"openldap-clients-2.3.43-12.el5_6.7")) flag++;
if (rpm_check(release:"SL5", reference:"openldap-devel-2.3.43-12.el5_6.7")) flag++;
if (rpm_check(release:"SL5", reference:"openldap-servers-2.3.43-12.el5_6.7")) flag++;
if (rpm_check(release:"SL5", reference:"openldap-servers-overlays-2.3.43-12.el5_6.7")) flag++;
if (rpm_check(release:"SL5", reference:"openldap-servers-sql-2.3.43-12.el5_6.7")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");