
Test ID: 1.3.6.1.4.1.25623.1.0.122584
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2008-0389)
Summary: The remote host is missing an update for the 'nss_ldap' package(s) announced via the ELSA-2008-0389 advisory.
Description:
Summary:
The remote host is missing an update for the 'nss_ldap' package(s) announced via the ELSA-2008-0389 advisory.

Vulnerability Insight:
[253-12]
- rebuild

[253-11]
- backport changes to group parsing from version 254 to fix heap corruption
when parsing nested groups (#444031)

[253-10]
- remove unnecessary nss_ldap linkage to libnsl (part of #427370)

[253-9]
- rebuild

[253-8]
- incorporate Tomas Janousek's fix to prevent re-use of connections across
fork() (#252337)

[253-7]
- add keyutils-libs-devel and libselinux-devel as a buildrequires: in order to
static link with newer Kerberos (#427370)

[253-6]
- suppress password-expired errors encountered during referral chases during
modify requests (#335661)
- interpret server-supplied policy controls when chasing referrals, so that
we don't give up when following a referral for a password change after
reset (#335661)
- don't attempt to change the password using ldap_modify if the password
change mode is 'exop_send_old' (we already didn't for 'exop') (#364501)
- don't drop the supplied password if the directory server indicates that
the password needs to be changed because it's just been reset: we may need
it to chase a referral later (#335661)
- correctly detect libresolv and build a URI using discovered settings, so that
server discovery can work again (#254172)
- honor the 'port' setting again by correctly detecting when a URI doesn't
already specify one (#326351)

Affected Software/OS:
'nss_ldap' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-5794
1020088
http://www.securitytracker.com/id?1020088
20080212 FLEA-2008-0003-1 nss_ldap
http://www.securityfocus.com/archive/1/487985/100/0/threaded
26452
http://www.securityfocus.com/bid/26452
27670
http://secunia.com/advisories/27670
27768
http://secunia.com/advisories/27768
27839
http://secunia.com/advisories/27839
28061
http://secunia.com/advisories/28061
28838
http://secunia.com/advisories/28838
29083
http://secunia.com/advisories/29083
30352
http://secunia.com/advisories/30352
31227
http://secunia.com/advisories/31227
31524
http://secunia.com/advisories/31524
DSA-1430
http://www.debian.org/security/2007/dsa-1430
GLSA-200711-33
http://security.gentoo.org/glsa/glsa-200711-33.xml
MDVSA-2008:049
http://www.mandriva.com/security/advisories?name=MDVSA-2008:049
RHSA-2008:0389
http://www.redhat.com/support/errata/RHSA-2008-0389.html
RHSA-2008:0715
http://www.redhat.com/support/errata/RHSA-2008-0715.html
SUSE-SR:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
[Dovecot] 20050303 hanging imap... and users getting other users' emails!
http://www.dovecot.org/list/dovecot/2005-March/006345.html
[Dovecot] 20050409 Authentication and the wrong mailbox?
http://www.dovecot.org/list/dovecot/2005-April/006859.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453868
http://bugs.gentoo.org/show_bug.cgi?id=198390
http://support.avaya.com/elmodocs2/security/ASA-2008-332.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0255
https://bugzilla.redhat.com/show_bug.cgi?id=154314
https://bugzilla.redhat.com/show_bug.cgi?id=367461
https://issues.rpath.com/browse/RPL-1913
nssldap-ldap-race-condition(38505)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38505
oval:org.mitre.oval:def:10625
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10625
Copyright: Copyright (C) 2015 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.