Rapid7 Vulnerability & Exploit Database

RHSA-2010:0198: openldap security and bug fix update

Back to Search

RHSA-2010:0198: openldap security and bug fix update

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
10/23/2009
Created
07/25/2018
Added
04/06/2010
Modified
10/16/2020

Description

libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '

OpenLDAP is an open source suite of LDAP (Lightweight Directory AccessProtocol) applications and development tools.A flaw was found in the way OpenLDAP handled NUL characters in theCommonName field of X.509 certificates. An attacker able to get acarefully-crafted certificate signed by a trusted Certificate Authoritycould trick applications using OpenLDAP libraries into accepting it bymistake, allowing the attacker to perform a man-in-the-middle attack.(CVE-2009-3767)This update also fixes the following bugs:Users of OpenLDAP should upgrade to these updated packages, which resolvethese issues.

' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Solution(s)

  • redhat-upgrade-compat-openldap
  • redhat-upgrade-openldap
  • redhat-upgrade-openldap-clients
  • redhat-upgrade-openldap-devel
  • redhat-upgrade-openldap-servers
  • redhat-upgrade-openldap-servers-overlays
  • redhat-upgrade-openldap-servers-sql

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;