French Security Incident Response Team

Termes et NomenclatureDéfinition des niveaux de risquesConfidentialité et Charte de confianceService FrSIRT VNS

FrSIRT   

      

   français Français   anglais English

 
Veille en vulnérabilités
FrSIRT VNS Publisher
Demande d'informations
Période d'essai gratuite
 

Bulletins et avis de vulnérabilités
Bulletins de sécurité et avis de vulnérabilités Linux
Virus & AlertesMenaces en temps réel / Blog Sécurité Informatique
Attaques Zero-day (0-jour)
Rechercher une vulnérabilité
 

Déclarer un incident de sécurité
Mailing liste Newsletter Sécurité informatique
 

A propos de FrSIRT / ADConsulting
Nos Clients & RéférencesFrSIRT Dans la presse
Espace Annonceurs
Offre d'emploi et stage Sécurité Informatique
Nous contacter

Mandriva Security Update Fixes OpenLDAP Denial of Service Issues

Date de Publication : 2008-03-06 © FrSIRT.COM
Titre : Mandriva Security Update Fixes OpenLDAP Denial of Service Issues
Identifiant : FrSIRT/AVIS-2008-0771
CVE ID : CVE-2007-5708 - CVE-2007-6698 - CVE-2008-0658
Risque : Modéré (2/4) -
Exploitable à distance : Oui
Exploitable en local : Oui
 

En savoir plus
 
  Description
  Produits affectés
  Solution
  Références
Description Technique    TXT (Plain Text)  PDF (Portable Document Format)  XML (Extensible Markup Language)  SMS (Short Message Service) 

Plusieurs vulnérabilités ont été identifiées dans Mandriva, elles pourraient être exploitées par des attaquants afin de causer un déni de service [...]

Solution

Installer les mises à jour :

Mandriva Linux 2007.0:
d4427f6f960dceb0a54887395688b02d 2007.0/i586/libldap2.3_0-2.3.27-2.2mdv2007.0.i586.rpm
fb96499f3a33a20274b95ae1fe986938 2007.0/i586/libldap2.3_0-devel-2.3.27-2.2mdv2007.0.i586.rpm
0fe0f9a22d5a3d2b8d07170f7e02c360 2007.0/i586/libldap2.3_0-static-devel-2.3.27-2.2mdv2007.0.i586.rpm
248f3a65f570e22b7d1ec67e95a0249e 2007.0/i586/openldap-2.3.27-2.2mdv2007.0.i586.rpm
0ecb5d940de1ec31b1191110d3b40e4e 2007.0/i586/openldap-clients-2.3.27-2.2mdv2007.0.i586.rpm
43170f54bac53b30c6129b07253ab7f6 2007.0/i586/openldap-doc-2.3.27-2.2mdv2007.0.i586.rpm
16a103849faddc8b9e300bd7738b5bde 2007.0/i586/openldap-servers-2.3.27-2.2mdv2007.0.i586.rpm
53476478b042cbbbb2e59edf5a2ff330 2007.0/SRPMS/openldap-2.3.27-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
eb36e1526f2b3a3a03271edf66d2cca4 2007.0/x86_64/lib64ldap2.3_0-2.3.27-2.2mdv2007.0.x86_64.rpm
6b37c2ee41eb94cb65ec40d551538022 2007.0/x86_64/lib64ldap2.3_0-devel-2.3.27-2.2mdv2007.0.x86_64.rpm
6f009e31ac35621ffa9247501d583ed1 2007.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-2.2mdv2007.0.x86_64.rpm
445fb7aeb7818f0358659c91fb8ada70 2007.0/x86_64/openldap-2.3.27-2.2mdv2007.0.x86_64.rpm
3cc4725e66a377e07e908f48ee149acb 2007.0/x86_64/openldap-clients-2.3.27-2.2mdv2007.0.x86_64.rpm
c5ba86642d7c9e6f3fe51d1201f9596c 2007.0/x86_64/openldap-doc-2.3.27-2.2mdv2007.0.x86_64.rpm
13f4514be8c8f989cc4a1537ec8f8177 2007.0/x86_64/openldap-servers-2.3.27-2.2mdv2007.0.x86_64.rpm
53476478b042cbbbb2e59edf5a2ff330 2007.0/SRPMS/openldap-2.3.27-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
7cc3081ddcfd3db452d2e90036e3a628 2007.1/i586/libldap2.3_0-2.3.34-5.2mdv2007.1.i586.rpm
fbc6f5333b7ca7796d95e8a3718f164a 2007.1/i586/libldap2.3_0-devel-2.3.34-5.2mdv2007.1.i586.rpm
e7d258fa40a2a5c52314c856b3bc4fc1 2007.1/i586/libldap2.3_0-static-devel-2.3.34-5.2mdv2007.1.i586.rpm
589ef40a1af243f7664965fe090f7de2 2007.1/i586/openldap-2.3.34-5.2mdv2007.1.i586.rpm
ce64d22f74a555746a408d86ab5c24cb 2007.1/i586/openldap-clients-2.3.34-5.2mdv2007.1.i586.rpm
35e5939274493799d93f2eca1388420a 2007.1/i586/openldap-doc-2.3.34-5.2mdv2007.1.i586.rpm
4dd84314508659366aaf95027f37896d 2007.1/i586/openldap-servers-2.3.34-5.2mdv2007.1.i586.rpm
1117b03409884c7799a1f7fd4ac29725 2007.1/i586/openldap-testprogs-2.3.34-5.2mdv2007.1.i586.rpm
67f80a1770d45f7e7e294bd8ec92846e 2007.1/i586/openldap-tests-2.3.34-5.2mdv2007.1.i586.rpm
a686ce5b015b7accd63d327a0f898d84 2007.1/SRPMS/openldap-2.3.34-5.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
d47695976ba1bb63169509da41e57e07 2007.1/x86_64/lib64ldap2.3_0-2.3.34-5.2mdv2007.1.x86_64.rpm
e6223017fb3b35792e680db1203aca6c 2007.1/x86_64/lib64ldap2.3_0-devel-2.3.34-5.2mdv2007.1.x86_64.rpm
320f8173708590828f70b4995d8ef2a8 2007.1/x86_64/lib64ldap2.3_0-static-devel-2.3.34-5.2mdv2007.1.x86_64.rpm
3b008b7ed26ea10234a13289e84f9388 2007.1/x86_64/openldap-2.3.34-5.2mdv2007.1.x86_64.rpm
c158c817b74e2c1e678e8d34fef24a0e 2007.1/x86_64/openldap-clients-2.3.34-5.2mdv2007.1.x86_64.rpm
7b457f83f95361b82e3340cdbc5dcff1 2007.1/x86_64/openldap-doc-2.3.34-5.2mdv2007.1.x86_64.rpm
fde2e695d34441ae77714de0fb42d1ba 2007.1/x86_64/openldap-servers-2.3.34-5.2mdv2007.1.x86_64.rpm
96715702c27b99497c5ec7aa917fb586 2007.1/x86_64/openldap-testprogs-2.3.34-5.2mdv2007.1.x86_64.rpm
f55189544f96a7de67af997eae52631b 2007.1/x86_64/openldap-tests-2.3.34-5.2mdv2007.1.x86_64.rpm
a686ce5b015b7accd63d327a0f898d84 2007.1/SRPMS/openldap-2.3.34-5.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
50d197a5004773e80a4fa3fbf64f683b 2008.0/i586/libldap2.3_0-2.3.38-3.2mdv2008.0.i586.rpm
3fb1cbd91ce0b520f1185883ba6631e4 2008.0/i586/libldap2.3_0-devel-2.3.38-3.2mdv2008.0.i586.rpm
e6afb970700d63e982fb62108a5483af 2008.0/i586/libldap2.3_0-static-devel-2.3.38-3.2mdv2008.0.i586.rpm
bbdc4dc9929c911d63638833b636da11 2008.0/i586/openldap-2.3.38-3.2mdv2008.0.i586.rpm
21ba24d4b6f8b09f7870e94c983e5706 2008.0/i586/openldap-clients-2.3.38-3.2mdv2008.0.i586.rpm
8b12e3e7f72ca68c7839a4deccbd8781 2008.0/i586/openldap-doc-2.3.38-3.2mdv2008.0.i586.rpm
04abf0a21b507a3626667f4bc7755738 2008.0/i586/openldap-servers-2.3.38-3.2mdv2008.0.i586.rpm
fd6652cb4645b22b77afaa5e7d46c5b8 2008.0/i586/openldap-testprogs-2.3.38-3.2mdv2008.0.i586.rpm
14690bfcbf5c3cbaf9f34e86fe812d58 2008.0/i586/openldap-tests-2.3.38-3.2mdv2008.0.i586.rpm
d04ebbb872eecb60934dbda7ad8cc310 2008.0/SRPMS/openldap-2.3.38-3.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
e743f1c46812c62178d82792e78580b3 2008.0/x86_64/lib64ldap2.3_0-2.3.38-3.2mdv2008.0.x86_64.rpm
02a8a95838044337c7c2813b2b6158cb 2008.0/x86_64/lib64ldap2.3_0-devel-2.3.38-3.2mdv2008.0.x86_64.rpm
4497a989916bda44db6bd5ce93373907 2008.0/x86_64/lib64ldap2.3_0-static-devel-2.3.38-3.2mdv2008.0.x86_64.rpm
a0c92471258de04a589a651bd571ece6 2008.0/x86_64/openldap-2.3.38-3.2mdv2008.0.x86_64.rpm
16268ccf7f5fbc375c4fd8313bd389de 2008.0/x86_64/openldap-clients-2.3.38-3.2mdv2008.0.x86_64.rpm
72de58e66a16f68212bff5fb899cf44c 2008.0/x86_64/openldap-doc-2.3.38-3.2mdv2008.0.x86_64.rpm
7510f04c21750fca734ad4bd9c0b336e 2008.0/x86_64/openldap-servers-2.3.38-3.2mdv2008.0.x86_64.rpm
353a580e2280b765e99906cd598f641a 2008.0/x86_64/openldap-testprogs-2.3.38-3.2mdv2008.0.x86_64.rpm
1170527a0621b41bb9257bb3e1922dc1 2008.0/x86_64/openldap-tests-2.3.38-3.2mdv2008.0.x86_64.rpm
d04ebbb872eecb60934dbda7ad8cc310 2008.0/SRPMS/openldap-2.3.38-3.2mdv2008.0.src.rpm

Corporate 4.0:
4f14a96268be28e1a5b486e153080ff8 corporate/4.0/i586/libldap2.3_0-2.3.27-1.4.20060mlcs4.i586.rpm
00a834b2fa4941e2c1a4a58c6c034df6 corporate/4.0/i586/libldap2.3_0-devel-2.3.27-1.4.20060mlcs4.i586.rpm
b21351bf410ad80dd2165cd680ec5512 corporate/4.0/i586/libldap2.3_0-static-devel-2.3.27-1.4.20060mlcs4.i586.rpm
f76ddc4f7daef7163d2b6ae3dc159bfa corporate/4.0/i586/openldap-2.3.27-1.4.20060mlcs4.i586.rpm
4f39a60ebc0f10b448249a6fd391881a corporate/4.0/i586/openldap-clients-2.3.27-1.4.20060mlcs4.i586.rpm
56c6a71605ef78d91f39764a6bd5805c corporate/4.0/i586/openldap-doc-2.3.27-1.4.20060mlcs4.i586.rpm
278c5076219f41b620fe4be209b560f6 corporate/4.0/i586/openldap-servers-2.3.27-1.4.20060mlcs4.i586.rpm
2ae4d3fde1ca0cdc2718edba0ed5caa7 corporate/4.0/SRPMS/openldap-2.3.27-1.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
001e7ac83e8b0f4bd786c7a34b18bc6f corporate/4.0/x86_64/lib64ldap2.3_0-2.3.27-1.4.20060mlcs4.x86_64.rpm
3a383bce15adeb349f2cbc2e2e09e617 corporate/4.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.4.20060mlcs4.x86_64.rpm
fb829cc7b376913774f7e17f63126ea7 corporate/4.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.4.20060mlcs4.x86_64.rpm
8cf4600913c6f0480dcb4a83a2caf97e corporate/4.0/x86_64/openldap-2.3.27-1.4.20060mlcs4.x86_64.rpm
ebee2e465a241aef5a6317dff68cf939 corporate/4.0/x86_64/openldap-clients-2.3.27-1.4.20060mlcs4.x86_64.rpm
b27b946152945b36385ed80cfaca5960 corporate/4.0/x86_64/openldap-doc-2.3.27-1.4.20060mlcs4.x86_64.rpm
e567e790d1ae957531f899cb6fc766cf corporate/4.0/x86_64/openldap-servers-2.3.27-1.4.20060mlcs4.x86_64.rpm
2ae4d3fde1ca0cdc2718edba0ed5caa7 corporate/4.0/SRPMS/openldap-2.3.27-1.4.20060mlcs4.src.rpm

Historique

2008-03-06 : Version Initiale

Recevez les bulletins FrSIRT

Le service FrSIRT VNS permet aux professionnels de la sécurité (RSSI, DSI, administrateurs et consultants) de recevoir en temps-réel, par email, SMS et flux RSS/XML, des bulletins de vulnérabilités complets, détaillés et personnalisés.
 
 

Recherche    

      

Newsletter    

    
 

Microsoft Visual Studio "Msmask32" Code Execution Vulnerability

Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)

Microsoft Windows Messenger Data Disclosure (MS08-050)

Microsoft Windows Event System Code Execution (MS08-049)

Microsoft Outlook and Mail Security Bypass Vulnerability (MS08-048)

Microsoft Windows IPsec Policy Data Disclosure Vulnerability (MS08-047)

Microsoft Windows MSCMS Code Execution Vulnerability (MS08-046)

Sun Solaris Covert Channel Local Security Bypass Vulnerability

Sun Solaris NFS RPC Zone Denial of Service Vulnerability

Sun Solaris NFS Kernel Module Local Denial of Service Vulnerability

Sun Solaris NFSv4 Client Kernel Module Denial of Service Vulnerability

Sun Java System Portal Server Cross Site Scripting Vulnerability

Sun rdesktop Code Execution and Denial of Service

Sun Java System Web Proxy Server Denial of Service Vulnerability

IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability

IBM WebSphere Application Server Cross Site Scripting Vulnerability

IBM DB2 CLR Stored Procedures Unspecified Vulnerability

IBM Lotus Quickr Multiple Cross Site Scripting Vulnerabilities

IBM WebSphere Portal Remote Authentication Bypass Vulnerability

IBM Rational ClearQuest Login Page Cross Site Scripting Vulnerability

IBM WebSphere Application Server Security Exposure Vulnerabilities

  FrSIRT.COM © Tous droits réservés 2003-2008 - Notice Légale  sécurité informatique