ID CVE-2015-3276
Summary The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
References
Vulnerable Configurations
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • OpenLDAP OpenLDAP
    cpe:2.3:a:openldap:openldap
CVSS
Base: 5.0 (as of 09-12-2015 - 10:03)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2131.NASL
    description Updated openldap packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. (CVE-2015-3276) This issue was discovered by Martin Poole of the Red Hat Software Maintenance Engineering group. The openldap packages have been upgraded to upstream version 2.4.40, which provides a number of bug fixes and one enhancement over the previous version : * The ORDERING matching rules have been added to the ppolicy attribute type descriptions. * The server no longer terminates unexpectedly when processing SRV records. * Missing objectClass information has been added, which enables the user to modify the front-end configuration by standard means. (BZ#1147982) This update also fixes the following bugs : * Previously, OpenLDAP did not properly handle a number of simultaneous updates. As a consequence, sending a number of parallel update requests to the server could cause a deadlock. With this update, a superfluous locking mechanism causing the deadlock has been removed, thus fixing the bug. (BZ#1125152) * The httpd service sometimes terminated unexpectedly with a segmentation fault on the libldap library unload. The underlying source code has been modified to prevent a bad memory access error that caused the bug to occur. As a result, httpd no longer crashes in this situation. (BZ#1158005) * After upgrading the system from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7, symbolic links to certain libraries unexpectedly pointed to locations belonging to the openldap-devel package. If the user uninstalled openldap-devel, the symbolic links were broken and the 'rpm -V openldap' command sometimes produced errors. With this update, the symbolic links no longer get broken in the described situation. If the user downgrades openldap to version 2.4.39-6 or earlier, the symbolic links might break. After such downgrade, it is recommended to verify that the symbolic links did not break. To do this, make sure the yum-plugin-verify package is installed and obtain the target libraries by running the 'rpm -V openldap' or 'yum verify openldap' command. (BZ#1230263) In addition, this update adds the following enhancement : * OpenLDAP clients now automatically choose the Network Security Services (NSS) default cipher suites for communication with the server. It is no longer necessary to maintain the default cipher suites manually in the OpenLDAP source code. (BZ#1245279) All openldap users are advised to upgrade to these updated packages, which correct these issues and add this enhancement.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87132
    published 2015-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87132
    title CentOS 7 : openldap (CESA-2015:2131)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151119_OPENLDAP_ON_SL7_X.NASL
    description A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. (CVE-2015-3276) The openldap packages have been upgraded to upstream version 2.4.40, which provides a number of bug fixes and one enhancement over the previous version : - The ORDERING matching rules have been added to the ppolicy attribute type descriptions. - The server no longer terminates unexpectedly when processing SRV records. - Missing objectClass information has been added, which enables the user to modify the front-end configuration by standard means. This update also fixes the following bugs : - Previously, OpenLDAP did not properly handle a number of simultaneous updates. As a consequence, sending a number of parallel update requests to the server could cause a deadlock. With this update, a superfluous locking mechanism causing the deadlock has been removed, thus fixing the bug. - The httpd service sometimes terminated unexpectedly with a segmentation fault on the libldap library unload. The underlying source code has been modified to prevent a bad memory access error that caused the bug to occur. As a result, httpd no longer crashes in this situation. - After upgrading the system from Scientific Linux 6 to Scientific Linux 7, symbolic links to certain libraries unexpectedly pointed to locations belonging to the openldap-devel package. If the user uninstalled openldap-devel, the symbolic links were broken and the 'rpm -V openldap' command sometimes produced errors. With this update, the symbolic links no longer get broken in the described situation. If the user downgrades openldap to version 2.4.39-6 or earlier, the symbolic links might break. After such downgrade, it is recommended to verify that the symbolic links did not break. To do this, make sure the yum-plugin-verify package is installed and obtain the target libraries by running the 'rpm -V openldap' or 'yum verify openldap' command. In addition, this update adds the following enhancement : - OpenLDAP clients now automatically choose the Network Security Services (NSS) default cipher suites for communication with the server. It is no longer necessary to maintain the default cipher suites manually in the OpenLDAP source code.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 87566
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87566
    title Scientific Linux Security Update : openldap on SL7.x x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2131.NASL
    description Updated openldap packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. (CVE-2015-3276) This issue was discovered by Martin Poole of the Red Hat Software Maintenance Engineering group. The openldap packages have been upgraded to upstream version 2.4.40, which provides a number of bug fixes and one enhancement over the previous version : * The ORDERING matching rules have been added to the ppolicy attribute type descriptions. * The server no longer terminates unexpectedly when processing SRV records. * Missing objectClass information has been added, which enables the user to modify the front-end configuration by standard means. (BZ#1147982) This update also fixes the following bugs : * Previously, OpenLDAP did not properly handle a number of simultaneous updates. As a consequence, sending a number of parallel update requests to the server could cause a deadlock. With this update, a superfluous locking mechanism causing the deadlock has been removed, thus fixing the bug. (BZ#1125152) * The httpd service sometimes terminated unexpectedly with a segmentation fault on the libldap library unload. The underlying source code has been modified to prevent a bad memory access error that caused the bug to occur. As a result, httpd no longer crashes in this situation. (BZ#1158005) * After upgrading the system from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7, symbolic links to certain libraries unexpectedly pointed to locations belonging to the openldap-devel package. If the user uninstalled openldap-devel, the symbolic links were broken and the 'rpm -V openldap' command sometimes produced errors. With this update, the symbolic links no longer get broken in the described situation. If the user downgrades openldap to version 2.4.39-6 or earlier, the symbolic links might break. After such downgrade, it is recommended to verify that the symbolic links did not break. To do this, make sure the yum-plugin-verify package is installed and obtain the target libraries by running the 'rpm -V openldap' or 'yum verify openldap' command. (BZ#1230263) In addition, this update adds the following enhancement : * OpenLDAP clients now automatically choose the Network Security Services (NSS) default cipher suites for communication with the server. It is no longer necessary to maintain the default cipher suites manually in the OpenLDAP source code. (BZ#1245279) All openldap users are advised to upgrade to these updated packages, which correct these issues and add this enhancement.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86970
    published 2015-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86970
    title RHEL 7 : openldap (RHSA-2015:2131)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-CEB1B8659E.NASL
    description This update should make OpenLDAP up to date with the latest NSS, notably : - fix olcTLSProtocolMin handling - fix TLS_CIPHER_SUITE parsing - update the list of ciphers to fit latest NSS development - make use of NSS global settings for the `DEFAULTS' TLS_CIPHER_SUITE keyword Additionally, slapd should now start correctly after the network is online. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-02-03
    plugin id 96968
    published 2017-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96968
    title Fedora 25 : openldap (2017-ceb1b8659e)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-2131.NASL
    description From Red Hat Security Advisory 2015:2131 : Updated openldap packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. (CVE-2015-3276) This issue was discovered by Martin Poole of the Red Hat Software Maintenance Engineering group. The openldap packages have been upgraded to upstream version 2.4.40, which provides a number of bug fixes and one enhancement over the previous version : * The ORDERING matching rules have been added to the ppolicy attribute type descriptions. * The server no longer terminates unexpectedly when processing SRV records. * Missing objectClass information has been added, which enables the user to modify the front-end configuration by standard means. (BZ#1147982) This update also fixes the following bugs : * Previously, OpenLDAP did not properly handle a number of simultaneous updates. As a consequence, sending a number of parallel update requests to the server could cause a deadlock. With this update, a superfluous locking mechanism causing the deadlock has been removed, thus fixing the bug. (BZ#1125152) * The httpd service sometimes terminated unexpectedly with a segmentation fault on the libldap library unload. The underlying source code has been modified to prevent a bad memory access error that caused the bug to occur. As a result, httpd no longer crashes in this situation. (BZ#1158005) * After upgrading the system from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7, symbolic links to certain libraries unexpectedly pointed to locations belonging to the openldap-devel package. If the user uninstalled openldap-devel, the symbolic links were broken and the 'rpm -V openldap' command sometimes produced errors. With this update, the symbolic links no longer get broken in the described situation. If the user downgrades openldap to version 2.4.39-6 or earlier, the symbolic links might break. After such downgrade, it is recommended to verify that the symbolic links did not break. To do this, make sure the yum-plugin-verify package is installed and obtain the target libraries by running the 'rpm -V openldap' or 'yum verify openldap' command. (BZ#1230263) In addition, this update adds the following enhancement : * OpenLDAP clients now automatically choose the Network Security Services (NSS) default cipher suites for communication with the server. It is no longer necessary to maintain the default cipher suites manually in the OpenLDAP source code. (BZ#1245279) All openldap users are advised to upgrade to these updated packages, which correct these issues and add this enhancement.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 87023
    published 2015-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87023
    title Oracle Linux 7 : openldap (ELSA-2015-2131)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-799.NASL
    description A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 97149
    published 2017-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97149
    title Amazon Linux AMI : openldap (ALAS-2017-799)
redhat via4
advisories
bugzilla
id 1245279
title OpenLDAP doesn't use sane (or default) cipher order
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment openldap is earlier than 0:2.4.40-8.el7
        oval oval:com.redhat.rhsa:tst:20152131011
      • comment openldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347006
    • AND
      • comment openldap-clients is earlier than 0:2.4.40-8.el7
        oval oval:com.redhat.rhsa:tst:20152131009
      • comment openldap-clients is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347016
    • AND
      • comment openldap-devel is earlier than 0:2.4.40-8.el7
        oval oval:com.redhat.rhsa:tst:20152131005
      • comment openldap-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347008
    • AND
      • comment openldap-servers is earlier than 0:2.4.40-8.el7
        oval oval:com.redhat.rhsa:tst:20152131013
      • comment openldap-servers is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347012
    • AND
      • comment openldap-servers-sql is earlier than 0:2.4.40-8.el7
        oval oval:com.redhat.rhsa:tst:20152131007
      • comment openldap-servers-sql is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110347014
rhsa
id RHSA-2015:2131
released 2015-11-19
severity Moderate
title RHSA-2015:2131: openldap security, bug fix, and enhancement update (Moderate)
rpms
  • openldap-0:2.4.40-8.el7
  • openldap-clients-0:2.4.40-8.el7
  • openldap-devel-0:2.4.40-8.el7
  • openldap-servers-0:2.4.40-8.el7
  • openldap-servers-sql-0:2.4.40-8.el7
refmap via4
confirm
sectrack 1034221
Last major update 14-10-2016 - 22:01
Published 07-12-2015 - 15:59