var-200909-0789
Vulnerability from variot
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. A vulnerability exists that allows an SSL server to be impersonated; it is related to CVE-2009-2408. With a crafted certificate, any SSL server may be impersonated. OpenLDAP is prone to a security-bypass vulnerability. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Summary:
JBoss Enterprise Web Server 1.0.2 is now available from the Red Hat Customer Portal for Red Hat Enterprise Linux 4, 5 and 6, Solaris, and Microsoft Windows.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Description:
JBoss Enterprise Web Server is a fully-integrated and certified set of components for hosting Java web applications.
This is the first release of JBoss Enterprise Web Server for Red Hat Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, Solaris, and Microsoft Windows, this release serves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to the Release Notes, linked in the References, for more information.
This update corrects security flaws in the following components:
tomcat6:
A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially-crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user. (CVE-2010-4172)
tomcat5 and tomcat6:
It was found that web applications could modify the location of the Apache Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718)
A second cross-site scripting (XSS) flaw was found in the Manager application. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)
A possible minor information leak was found in the way Apache Tomcat generated HTTP BASIC and DIGEST authentication requests. For configurations where a realm name was not specified and Tomcat was accessed via a proxy, the default generated realm contained the hostname and port used by the proxy to send requests to the Tomcat server. (CVE-2010-1157)
httpd:
A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452)
A flaw was discovered in the way the mod_proxy_http module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. In some configurations, the proxy could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. Note: This issue only affected httpd running on the Windows operating system. (CVE-2010-2068)
apr:
It was found that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching. (CVE-2011-0419)
apr-util:
It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high memory consumption. (CVE-2010-1623)
The following flaws were corrected in the packages for Solaris and Windows. Updates for Red Hat Enterprise Linux can be downloaded from the Red Hat Network.
Multiple flaws in OpenSSL, which could possibly cause a crash, code execution, or a change of session parameters, have been corrected. (CVE-2009-3245, CVE-2010-4180, CVE-2008-7270)
Two denial of service flaws were corrected in Expat. (CVE-2009-3560, CVE-2009-3720)
An X.509 certificate verification flaw was corrected in OpenLDAP. (CVE-2009-3767)
More information about these flaws is available from the CVE links in the References.
Solution:
All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Enterprise Web Server 1.0.2, which corrects these issues.
The References section of this erratum contains a download link (you must log in to download the update). Before installing the update, backup your existing JBoss Enterprise Web Server installation (including all applications and configuration files). Apache Tomcat and the Apache HTTP Server must be restarted for the update to take effect.
Bugs fixed (http://bugzilla.redhat.com/):
530715 - CVE-2009-3767 OpenLDAP: Doesn't properly handle NULL character in subject Common Name
531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences
570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks
585331 - CVE-2010-1157 tomcat: information disclosure in authentication headers
618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments
632994 - CVE-2010-2068 httpd (mod_proxy): Sensitive response disclosure due improper handling of timeouts
640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line()
656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application
659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack
675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface
675792 - CVE-2010-3718 tomcat: file permission bypass flaw
703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc.
For the oldstable distribution (etch), this problem has been fixed in version 2.3.30-5+etch3 for openldap2.3.
For the stable distribution (lenny), this problem has been fixed in version 2.4.11-1+lenny1 for openldap.
For the testing distribution (squeeze), and the unstable distribution (sid), this problem has been fixed in version 2.4.17-2.1 for openldap.
We recommend that you upgrade your openldap2.3/openldap packages.
Upgrade instructions
wget url will fetch the file for you
dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database
apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 5.0 alias lenny
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201406-36
http://security.gentoo.org/
Severity: Normal
Title: OpenLDAP: Multiple vulnerabilities
Date: June 30, 2014
Bugs: #290345, #323777, #355333, #388605, #407941, #424167
ID: 201406-36
Synopsis
Multiple vulnerabilities were found in OpenLDAP, allowing for Denial of Service or a man-in-the-middle attack.
Background
OpenLDAP is an LDAP suite of application and development tools.
Affected packages
-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  net-nds/openldap            < 2.4.35                 >= 2.4.35
Description
Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, bypass security restrictions or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All OpenLDAP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nds/openldap-2.4.35"
References
[ 1 ] CVE-2009-3767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3767
[ 2 ] CVE-2010-0211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0211
[ 3 ] CVE-2010-0212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0212
[ 4 ] CVE-2011-1024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1024
[ 5 ] CVE-2011-1025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1025
[ 6 ] CVE-2011-1081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1081
[ 7 ] CVE-2011-4079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4079
[ 8 ] CVE-2012-1164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1164
[ 9 ] CVE-2012-2668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2668
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-36.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
VMware Security Advisory
Advisory ID: VMSA-2010-0015
Synopsis: VMware ESX third party updates for Service Console
Issue date: 2010-09-30
Updated on: 2010-09-30 (initial release of advisory)
CVE numbers: CVE-2010-0826 CVE-2009-3767 CVE-2010-0734 CVE-2010-1646 CVE-2009-3555 CVE-2009-2409 CVE-2009-3245 CVE-2010-0433
- Summary
ESX 4.0 Console OS (COS) updates for the NSS_db, OpenLDAP, cURL, sudo, OpenSSL, GnuTLS, NSS and NSPR packages.
- Relevant releases
VMware ESX 4.0 without patches ESX400-201009407-SG, ESX400-201009408-SG, ESX400-201009409-SG, ESX400-201009410-SG, ESX400-201009401-SG
Notes: Effective May 2010, VMware's patch and update release program during Extended Support will be continued with the condition that all subsequent patch and update releases will be based on the latest baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1, ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section "End of Product Availability FAQs" at http://www.vmware.com/support/policies/lifecycle/vi/faq.html for details.
Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan to upgrade to at least ESX 3.5 and preferably to the newest release available.
- Problem Description
a. Service Console update for NSS_db
The service console package NSS_db is updated to version nss_db-2.2-35.4.el5_5.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0826 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
VirtualCenter  any       Windows   not affected
hosted *       any       any       not affected
ESXi           any       ESXi      not affected
ESX            4.1       ESX       affected, patch pending
ESX            4.0       ESX       ESX400-201009407-SG
ESX            3.5       ESX       not applicable
ESX            3.0.3     ESX       not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Service Console update for OpenLDAP
The service console package OpenLDAP is updated to version 2.3.43-12.el5.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3767 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
VirtualCenter  any       Windows   not affected
hosted *       any       any       not affected
ESXi           any       ESXi      not affected
ESX            4.1       ESX       affected, patch pending
ESX            4.0       ESX       ESX400-201009408-SG
ESX            3.5       ESX       not applicable
ESX            3.0.3     ESX       not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
c. Service Console update for cURL
The service console packages for cURL are updated to version 7.15.5-9.el5.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
VirtualCenter  any       Windows   not affected
hosted *       any       any       not affected
ESXi           any       ESXi      not affected
ESX            4.1       ESX       affected, patch pending
ESX            4.0       ESX       ESX400-201009409-SG
ESX            3.5       ESX       not applicable
ESX            3.0.3     ESX       not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
d. Service Console update for sudo
The service console package sudo is updated to version 1.7.2p1-7.el5_5.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1646 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
VirtualCenter  any       Windows   not affected
hosted *       any       any       not affected
ESXi           any       ESXi      not affected
ESX            4.1       ESX       affected, patch pending
ESX            4.0       ESX       ESX400-201009410-SG
ESX            3.5       ESX       not applicable
ESX            3.0.3     ESX       not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
e. Service Console update for OpenSSL, GnuTLS, NSS and NSPR
Service Console updates for OpenSSL to version 097a-0.9.7a-9.el5_4.2 and version 0.9.8e-12.el5_4.6, GnuTLS to version 1.4.1-3.el5_4.8, and NSS to version 3.12.6-1.3235.vmw and NSPR to version 4.8.4-1.3235.vmw. These four updates are bundled together due to their mutual dependencies.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3555, CVE-2009-2409, CVE-2009-3245 and CVE-2010-0433 to the issues addressed in this update.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
VirtualCenter  any       Windows   not affected
hosted *       any       any       not affected
ESXi           any       ESXi      not affected
ESX            4.1       ESX       affected, patch pending
ESX            4.0       ESX       ESX400-201009401-SG **
ESX            3.5       ESX       not applicable
ESX            3.0.3     ESX       not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** Note: This patch also addresses non-security issues. See KB article 1023759 for details.
- Solution
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
ESX 4.0
ESX400-201009001
Download link: http://bit.ly/adhjEu
md5sum: 988c593b7a7abf0be5b72970ac64a369
sha1sum: 26d875955b01c19f4e56703216e135257c08836f
http://kb.vmware.com/kb/1025321
ESX400-201009001 contains the following security bulletins:
ESX400-201009407-SG (NSS_db) | http://kb.vmware.com/kb/1023763
ESX400-201009408-SG (OpenLDAP) | http://kb.vmware.com/kb/1023764
ESX400-201009409-SG (cURL) | http://kb.vmware.com/kb/1023765
ESX400-201009410-SG (sudo) | http://kb.vmware.com/kb/1023766
ESX400-201009401-SG (OpenSSL, GnuTLS, NSS) | http://kb.vmware.com/kb/1023759
It also contains the following security bundles from VMSA-2010-0013.1:
ESX400-201009402-SG (cpio) | http://kb.vmware.com/kb/1023760
ESX400-201009406-SG (tar) | http://kb.vmware.com/kb/1023762
ESX400-201009403-SG (krb5) | http://kb.vmware.com/kb/1023761
ESX400-201009411-SG (perl) | http://kb.vmware.com/kb/1023767
It also contains ESX400-201009412-BG, a non-security critical update.
To install an individual bulletin use esxupdate with the -b option.
- References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
- Change log
2010-09-30 VMSA-2010-0015 Initial security advisory after release of patches for ESX 4.0 on 2010-09-30
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware Security Advisories http://www.vmware.com/security/advisoiries
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)

iEYEARECAAYFAkykSsUACgkQS2KysvBH1xn89gCcCMcHvt1LDG9pNh5lbRmxphDg
R2UAmQHIUDg4mWUStJolvh98eiTS140I
=bM3K
-----END PGP SIGNATURE-----
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
The updated packages have been patched to correct this issue. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFLXwOHmqjQ0CJFipgRAp7yAJ40umReJDo1Asg6BoihvuXXShK+vACeP+Vx
9jUkR+Zs9Nl7nEVuZXdjAvw=
=Fkxu
-----END PGP SIGNATURE-----

===========================================================
Ubuntu Security Notice USN-858-1            November 12, 2009
openldap2.2 vulnerability
CVE-2009-3767
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libldap-2.2-7 2.2.26-5ubuntu2.9
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.
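The root cause described above is a length-delimited ASN.1 string being handled as a NUL-terminated C string: the DER decoder hands back (pointer, length), but a strcmp-style comparison stops at the first zero byte and sees a shorter name than the certificate actually carries. The C below is an added illustration, not code from OpenLDAP, Ubuntu or any advisory quoted on this page; it places a naive comparison next to a length-aware one that rejects any CN containing an embedded NUL. The function names and the sample CN byte strings are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/*
 * A certificate CN comes out of the DER decoder as (pointer, length).
 * The length is taken from the ASN.1 TLV header, so the value may
 * contain a '\0' byte anywhere; only C-string handling assumes it cannot.
 */

/* Naive comparison: ignores the declared length and stops at the first NUL.
 * This mirrors the defect class the advisory describes. */
int cn_matches_host_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len; /* declared length is never consulted: that is the bug */
    return strcmp((const char *)cn, host) == 0;
}

/* Returns 1 when the declared length covers a NUL byte, 0 otherwise. */
int cn_has_embedded_nul(const unsigned char *cn, size_t cn_len)
{
    return memchr(cn, '\0', cn_len) != NULL;
}

/* Length-aware comparison: refuse embedded NULs, then compare every byte
 * the certificate actually declares. (Case folding and wildcard handling
 * are deliberately left out so the length issue stands alone.) */
int cn_matches_host_safe(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (cn_has_embedded_nul(cn, cn_len))
        return 0;                      /* a DNS name never contains '\0' */
    if (strlen(host) != cn_len)
        return 0;                      /* declared length must match exactly */
    return memcmp(cn, host, cn_len) == 0;
}

/* Constructed sample CN values (hypothetical, not from any real certificate). */
static const unsigned char GOOD_CN[] = "www.example.com";
static const size_t GOOD_CN_LEN = sizeof(GOOD_CN) - 1;   /* 15 bytes */

/* A CN whose DER length (28 bytes) extends past an embedded NUL. */
static const unsigned char NUL_CN[] = "www.example.com\0.example.net";
static const size_t NUL_CN_LEN = sizeof(NUL_CN) - 1;     /* 28 bytes */

int main(void)
{
    const char *expected = "www.example.com";

    printf("good CN, naive: %d  safe: %d\n",
           cn_matches_host_naive(GOOD_CN, GOOD_CN_LEN, expected),
           cn_matches_host_safe(GOOD_CN, GOOD_CN_LEN, expected));
    /* The naive check accepts the NUL-bearing CN; the safe check rejects it. */
    printf("NUL CN,  naive: %d  safe: %d  embedded NUL: %d\n",
           cn_matches_host_naive(NUL_CN, NUL_CN_LEN, expected),
           cn_matches_host_safe(NUL_CN, NUL_CN_LEN, expected),
           cn_has_embedded_nul(NUL_CN, NUL_CN_LEN));
    return 0;
}
```

The check that matters is the comparison between the DER-declared length and what C-string functions see; any code path that converts an ASN.1 string to a `char *` should run `cn_has_embedded_nul`-style validation first (or, better, never convert and always carry the length along).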
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.diff.gz
Size/MD5: 516098 098a03b4f7d511ce730e9647deca2072
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.dsc
Size/MD5: 1028 5a95dae94a1016fbcf41c1c1992ea8e6
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz
Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_amd64.deb
Size/MD5: 130854 1f1b40b12adcb557a810194d0c4f7993
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_amd64.deb
Size/MD5: 166444 500528d10502361c075a08578c1586f5
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_amd64.deb
Size/MD5: 961974 f56eef919306d6ca7f4a7a090d2ae6ba
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_i386.deb
Size/MD5: 118638 0558a833fb6eadf4d87bd9fd6e687838
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_i386.deb
Size/MD5: 146444 fc85d5259c97622324047bbda153937d
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_i386.deb
Size/MD5: 873424 358c78f76ee16010c1fb81e89adfe849
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_powerpc.deb
Size/MD5: 133012 92d9de435a795261e6bf4143f2bf59c7
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_powerpc.deb
Size/MD5: 157480 099b1ee5e158f77be109a7972587f596
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_powerpc.deb
Size/MD5: 960052 850fb56995224edd6ae329af1b8236ef
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_sparc.deb
Size/MD5: 120932 4fa0f7accd968ba71dff1f7c5b2ef811
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_sparc.deb
Size/MD5: 148546 2d1af209a8b53a8315fbd4bd86573d70
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_sparc.deb
Size/MD5: 903928 4aa6b0478821e803c80a020b031aafed
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200909-0789", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openldap", "scope": null, "trust": 1.4, "vendor": "openldap", "version": null }, { "model": "openldap", "scope": "lt", "trust": 1.0, "vendor": "openldap", "version": "2.4.18" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "11" }, { "model": 
"mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.6.2" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "turbolinux appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "2.0" }, { "model": "turbolinux appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "3.0" }, { "model": "turbolinux appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "3.0 (x64)" }, { "model": "turbolinux client", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "2008" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10 (x64)" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "11" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "11 (x64)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8 (es)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, 
"vendor": "red hat", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.3.39" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.3.41" }, { "model": "2.3.28-e1.0.0", "scope": null, "trust": 0.3, "vendor": "openldap", "version": null }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.3.28-2.20061022" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.3.25" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.21" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "jboss enterprise web server for rhel es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "41.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.11-9" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.25" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.22" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "openldap", "scope": "eq", 
"trust": 0.3, "vendor": "openldap", "version": "2.0.11-11" }, { "model": "jboss enterprise web server for rhel es", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "41.0.2" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jboss enterprise web server for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "61.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.11" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "intuity audix lx sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.6" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.4.2" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, 
"vendor": "avaya", "version": "6.0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.4" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.4.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.16" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.13" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "intuity audix lx sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "enterprise linux as 4.8.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.3.27-2.20061018" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "-11s", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.11" }, { "model": "openldap", "scope": "eq", 
"trust": 0.3, "vendor": "openldap", "version": "2.3.28-20061022" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.13" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.20" }, { "model": "jboss enterprise web server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "jboss enterprise web server for rhel as", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "41.0.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.3.40" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.5" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", 
"version": "2.0.14" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "jboss enterprise web server for solaris", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.25" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.15" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.1" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.12" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "jboss enterprise web server for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "51.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jboss enterprise web server for windows", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.22" }, { "model": "jboss enterprise web 
server for windows", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.11" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.10" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jboss enterprise web server for rhel as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "41.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.2.26" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.18" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.23" }, { "model": "jboss enterprise web server el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, 
"vendor": "avaya", "version": "5.2" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.14" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.7" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.20" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.4" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.3.27" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.30" }, { "model": "jboss enterprise web server for solaris", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.9" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.2.15" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.17" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.3.6" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.19" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, 
"vendor": "debian", "version": "4.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.27" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.17" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.3" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.4" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.12" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", 
"version": "2.0.18" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux es 4.8.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.10" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "pardus", "version": "20090" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.2.29" }, { "model": "jboss enterprise web server for rhel", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "61.0.2" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.2.6" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.1.19" }, { "model": "openldap", "scope": "eq", "trust": 
0.3, "vendor": "openldap", "version": "2.1.16" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.1" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.15" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "jboss enterprise web server for rhel server", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "51.0.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.4.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "openldap", "scope": "eq", "trust": 0.3, "vendor": "openldap", "version": "2.0.8" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "36844" }, { "db": "JVNDB", "id": "JVNDB-2009-002318" }, { "db": "CNNVD", "id": "CNNVD-200910-373" }, { "db": "NVD", "id": "CVE-2009-3767" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": 
"cpe:/a:openldap:openldap", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_client", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002318" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Joe Orton", "sources": [ { "db": "BID", "id": "36844" } ], "trust": 0.3 }, "cve": "CVE-2009-3767", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2009-3767", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, 
"accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-3767", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-41213", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2009-3767", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2009-3767", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200910-373", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-41213", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2009-3767", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-41213" }, { "db": "VULMON", "id": "CVE-2009-3767" }, { "db": "JVNDB", "id": "JVNDB-2009-002318" }, { "db": "CNNVD", "id": "CNNVD-200910-373" }, { "db": "NVD", "id": "CVE-2009-3767" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 
certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. A vulnerability exists that allows an SSL server to be impersonated. This vulnerability is related to CVE-2009-2408. A crafted certificate may allow an arbitrary SSL server to be impersonated. OpenLDAP is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Summary:\n\nJBoss Enterprise Web Server 1.0.2 is now available from the Red Hat\nCustomer Portal for Red Hat Enterprise Linux 4, 5 and 6, Solaris, and\nMicrosoft Windows. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. Description:\n\nJBoss Enterprise Web Server is a fully-integrated and certified set of\ncomponents for hosting Java web applications. \n\nThis is the first release of JBoss Enterprise Web Server for Red Hat\nEnterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, Solaris, and\nMicrosoft Windows, this release serves as a replacement for JBoss\nEnterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to\nthe Release Notes, linked in the References, for more information. \n\nThis update corrects security flaws in the following components:\n\ntomcat6:\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Apache Tomcat. If a remote attacker\ncould trick a user who is logged into the Manager application into visiting\na specially-crafted URL, the attacker could perform Manager application\ntasks with the privileges of the logged in user. 
(CVE-2010-4172)\n\ntomcat5 and tomcat6:\n\nIt was found that web applications could modify the location of the Apache\nTomcat host\u0027s work directory. As web applications deployed on Tomcat have\nread and write access to this directory, a malicious web application could\nuse this flaw to trick Tomcat into giving it read and write access to an\narbitrary directory on the file system. (CVE-2010-3718)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to conduct an\nXSS attack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web pages. \n(CVE-2011-0013)\n\nA possible minor information leak was found in the way Apache Tomcat\ngenerated HTTP BASIC and DIGEST authentication requests. For configurations\nwhere a realm name was not specified and Tomcat was accessed via a proxy,\nthe default generated realm contained the hostname and port used by the\nproxy to send requests to the Tomcat server. (CVE-2010-1157)\n\nhttpd:\n\nA flaw was found in the way the mod_dav module of the Apache HTTP Server\nhandled certain requests. If a remote attacker were to send a carefully\ncrafted request to the server, it could cause the httpd child process to\ncrash. (CVE-2010-1452)\n\nA flaw was discovered in the way the mod_proxy_http module of the Apache\nHTTP Server handled the timeouts of requests forwarded by a reverse proxy\nto the back-end server. In some configurations, the proxy could return\na response intended for another user under certain timeout conditions,\npossibly leading to information disclosure. Note: This issue only affected\nhttpd running on the Windows operating system. (CVE-2010-2068)\n\napr:\n\nIt was found that the apr_fnmatch() function used an unconstrained\nrecursion when processing patterns with the \u0027*\u0027 wildcard. 
An attacker could\nuse this flaw to cause an application using this function, which also\naccepted untrusted input as a pattern for matching (such as an httpd server\nusing the mod_autoindex module), to exhaust all stack memory or use an\nexcessive amount of CPU time when performing matching. (CVE-2011-0419)\n\napr-util:\n\nIt was found that certain input could cause the apr-util library to\nallocate more memory than intended in the apr_brigade_split_line()\nfunction. An attacker able to provide input in small chunks to an\napplication using the apr-util library (such as httpd) could possibly use\nthis flaw to trigger high memory consumption. (CVE-2010-1623)\n\nThe following flaws were corrected in the packages for Solaris and Windows. \nUpdates for Red Hat Enterprise Linux can be downloaded from the Red Hat\nNetwork. \n\nMultiple flaws in OpenSSL, which could possibly cause a crash, code\nexecution, or a change of session parameters, have been corrected. \n(CVE-2009-3245, CVE-2010-4180, CVE-2008-7270)\n\nTwo denial of service flaws were corrected in Expat. (CVE-2009-3560,\nCVE-2009-3720)\n\nAn X.509 certificate verification flaw was corrected in OpenLDAP. \n(CVE-2009-3767)\n\nMore information about these flaws is available from the CVE links in the\nReferences. Solution:\n\nAll users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Enterprise Web Server\n1.0.2, which corrects these issues. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before installing the update, backup your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). Apache Tomcat and the Apache HTTP\nServer must be restarted for the update to take effect. 
Bugs fixed (http://bugzilla.redhat.com/):\n\n530715 - CVE-2009-3767 OpenLDAP: Doesn\u0027t properly handle NULL character in subject Common Name\n531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences\n533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences\n570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks\n585331 - CVE-2010-1157 tomcat: information disclosure in authentication headers\n618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments\n632994 - CVE-2010-2068 httpd (mod_proxy): Sensitive response disclosure due improper handling of timeouts\n640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line()\n656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application\n659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack\n660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack\n675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface\n675792 - CVE-2010-3718 tomcat: file permission bypass flaw\n703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch\n\n5. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n\nFor the oldstable distribution (etch), this problem has been fixed in version\n2.3.30-5+etch3 for openldap2.3. \n\nFor the stable distribution (lenny), this problem has been fixed in version\n2.4.11-1+lenny1 for openldap. \n\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 2.4.17-2.1 for openldap. \n\n\nWe recommend that you upgrade your openldap2.3/openldap packages. 
\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips,\nmipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz\n Size/MD5 checksum: 2971126 c40bcc23fa65908b8d7a86a4a6061251\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.dsc\n Size/MD5 checksum: 1214 36efc1cf2a98c54d4b1da0910e273843\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.diff.gz\n Size/MD5 checksum: 315058 310ce752b78ff3227d78dcd8c1bd60a5\n\nalpha architecture (DEC Alpha)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_alpha.deb\n Size/MD5 checksum: 293108 2172048d5f8b8b7f379b3414fc5c2e37\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_alpha.deb\n Size/MD5 checksum: 1280772 ab65f162a40607c1787f9b03783a7563\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_alpha.deb\n Size/MD5 checksum: 193768 602a6da790648dd8b0af7d9f386b5c6e\n\namd64 architecture (AMD x86_64 (AMD64))\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_amd64.deb\n Size/MD5 checksum: 285554 42480b47018eb1d70b9e62d05b925a5b\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_amd64.deb\n Size/MD5 checksum: 1244570 
b88256f8259516b09c51f166ff6b4aea\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_amd64.deb\n Size/MD5 checksum: 184652 716cc53985a031d1fe03fede778d6ae5\n\narm architecture (ARM)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_arm.deb\n Size/MD5 checksum: 1190314 8686c6a9a9240e6113f92c8bb20d7e1a\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_arm.deb\n Size/MD5 checksum: 254828 49d9c9a250fb4a5a828de5791ee92380\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_arm.deb\n Size/MD5 checksum: 155876 bb45d3104fe4b9811fdb3063da42d3b1\n\nhppa architecture (HP PA RISC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_hppa.deb\n Size/MD5 checksum: 1307146 698d7416e4cc544522ce2e25ac9c0fce\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_hppa.deb\n Size/MD5 checksum: 292798 eb9d6d19560a1153cc58ccae3f354a4e\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_hppa.deb\n Size/MD5 checksum: 182568 caade74265ee9d7b8ac77c844c23b413\n\ni386 architecture (Intel ia32)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_i386.deb\n Size/MD5 checksum: 1177552 f3ccf11b82474593af5e30a272f9edb9\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_i386.deb\n Size/MD5 checksum: 148744 168e58797e74f9b3b6d3c337b6369ca7\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_i386.deb\n Size/MD5 checksum: 266538 3be52b8402d06913624a3e808be58ecb\n\nia64 architecture (Intel ia64)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_ia64.deb\n Size/MD5 checksum: 239248 
78d1537b3a106824ff5d076e828a0312\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_ia64.deb\n Size/MD5 checksum: 379904 dbc96e1a44dce4bb5f79b9c043823293\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_ia64.deb\n Size/MD5 checksum: 1660854 fcc2873ffd50e45c956d9bcc81d83c51\n\nmips architecture (MIPS (Big Endian))\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mips.deb\n Size/MD5 checksum: 258210 298f5a83a1efd8c035644fd58df21f2c\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mips.deb\n Size/MD5 checksum: 185598 b6c67ee072f2de03820e7ce11edb39c3\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mips.deb\n Size/MD5 checksum: 1205768 3f312958af5ea129384513e5fab72208\n\nmipsel architecture (MIPS (Little Endian))\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mipsel.deb\n Size/MD5 checksum: 258852 d7ba57787989e3fb5035fce34b04965d\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mipsel.deb\n Size/MD5 checksum: 187100 46910e3923926ac060c13a7a53f8cac4\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mipsel.deb\n Size/MD5 checksum: 1188878 5698884b42d7206c2b0c134602861354\n\npowerpc architecture (PowerPC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_powerpc.deb\n Size/MD5 checksum: 188914 e03855167b8e13bdb72e47baa9644f86\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_powerpc.deb\n Size/MD5 checksum: 272378 f5741b7ac8f4172e7481f5c2e699231b\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_powerpc.deb\n Size/MD5 checksum: 1243754 2a8b933e956e5ac4bc29028688bb09ec\n\ns390 architecture (IBM 
S/390)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_s390.deb\n Size/MD5 checksum: 291822 6b47ac5b7fbc269c1973c494d5dadbc2\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_s390.deb\n Size/MD5 checksum: 168716 f72b023d98d61565c624f7acbf953baf\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_s390.deb\n Size/MD5 checksum: 1241532 0167eb506b063de5435181f40c6cf809\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_sparc.deb\n Size/MD5 checksum: 1177712 770a58d0c60ad11e5ca4cf25159fe2c7\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_sparc.deb\n Size/MD5 checksum: 153682 d8bf20f2a94456451d4ea29d3237d280\n\nhttp://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_sparc.deb\n Size/MD5 checksum: 258560 4bfd77d56852608813f158ecfd91b42b\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,\nmips, mipsel, powerpc, s390 and sparc. 
\n\nSource archives:\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.diff.gz\n Size/MD5 checksum: 148075 024b717169f42734ee5650ebe2978631\n\nhttp://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.dsc\n Size/MD5 checksum: 1831 ca4cb86b4847a59f95275ff2f4d0e173\n\nhttp://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11.orig.tar.gz\n Size/MD5 checksum: 4193523 d4e8669e2c9b8d981e371e97e3cf92d9\n\nalpha architecture (DEC Alpha)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 3624752 5b4e467360ecd8cc897b03b5aca57dad\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 205526 3b083869976ab4d8d8df69d27fe9480e\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 280526 4ed333757fef7e98d89c5edda6589b04\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 1537448 98d6aeab748560a491e0b526d930fc0c\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 1013148 cc656603f7ae0eacc2b3c22dd1fae967\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 285128 e526e547a4af2c13bf3ae90dfdf023a2\n\namd64 architecture (AMD x86_64 (AMD64))\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 1493300 31c077d63cc2ff159927939cadb29808\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 299612 e148216f77a9136adb19acd8df026d6d\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 267470 
f903f46433faa1d2b6b203e50aaed3d8\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 881074 de337737dd93af0b81bd90e3c6f23377\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 3664994 8ad4581bd54e1ed7a8f3c1c8bf210c17\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 204896 c0dba3b62aa14392d29f831d6c87206d\n\narm architecture (ARM)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 280140 ccaed923684d35304f50f27fc6b868b3\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 248918 a08cf9fd18ce8806be437c364179c2b3\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 877400 614df898211cc5311a62159f6ee21b93\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 1405962 5e1e62d6f0a5984486fa2eaa478eab38\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 180520 96b5fe5d50b9a1d59eb5ab03489a1b90\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_arm.deb\n Size/MD5 checksum: 3572646 a8e804a9e966a57306a9229acd11ff80\n\nhppa architecture (HP PA RISC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 1533292 8d5c2d83596b10c9d3ee7a4dcb692026\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 3619256 2ad8452962291b553fadc8bb6398f834\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 200874 
27205d8a86701cb133f7507eeef5e76a\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 283816 1163f67e39b08c10cf492b24bd526f24\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 264158 905749f1e385f9d93c2358b05dc42dfb\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 999386 6a071952604a9c30483fca7f3a3754ec\n\ni386 architecture (Intel ia32)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 189442 879dac84b581979646c49bde9743c630\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 286808 2dcb4f8e5514d9e4d9072b4853da322d\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 892068 449ba5d6037617e4e93dfd6bcb093549\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 3560322 c6a6fbc66944bd05585c1065ab012c93\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 244952 5a5b31ebb9098059e62eb57d209a6846\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_i386.deb\n Size/MD5 checksum: 1404266 a3bffb93ec3b0d0d130a6a7e29091a9b\n\nia64 architecture (Intel ia64)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 3589108 d34afb06a3b21ad7267ef5d31b6ad322\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 932026 1194a002673f8a73cf382c2333c7882b\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 352020 
e40c570396514fee0c6eee3920be2607\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 269084 1720388cc8102f33122375034a703a05\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 259018 658248f4329555e81896800709302575\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 2006532 6ad20563d8999759f32445576fd69856\n\nmips architecture (MIPS (Big Endian))\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 3712752 8d48a2797c1f4e6b5dea203698e4b31c\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 180956 88613b463fcdba79539048ce681d4f5e\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 260240 f6fa5402a6fc03aef4b87735030969c5\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 854756 76ad64ab6fe85c5bfc654266101e024a\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 1394436 4930b2b56c642182c8ccd69d5bc53685\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_mips.deb\n Size/MD5 checksum: 302106 3672bab4d2c0c037a1d9c0a61fa16139\n\npowerpc architecture (PowerPC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 3718584 7b120292ce66e7ea85b3ad623da0bb4e\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 295146 f131ea5cdbab25c2416ff06f6697bc08\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 199248 
c683d506deb5fadabea906c9dec36c9f\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 1536614 b5c37ae6f72127bdf6910100edeb06e5\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 907106 6af4614c092e6ccda8580e6a73cb8728\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_powerpc.deb\n Size/MD5 checksum: 284952 b75e2ddab46ddab036ef40b21cec63ee\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 872178 a7739e034d0df26a69e0cb569802d594\n\nhttp://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 249022 334ecf73608e20ec6cff79716cf10fde\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 1387990 4935db487abd61e04adb3a846ed7aadc\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 260980 006fdd6b90293fdf1331442ccabde568\n\nhttp://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 182822 73c3edfab6b52e772ed36c990c13f210\n\nhttp://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 3502906 c19b8875ae915cec344bb74a5e462e44\n\n\n These files will probably be moved into the stable distribution on\n its next update. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201406-36\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenLDAP: Multiple vulnerabilities\n Date: June 30, 2014\n Bugs: #290345, #323777, #355333, #388605, #407941, #424167\n ID: 201406-36\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in OpenLDAP, allowing for Denial of\nService or a man-in-the-middle attack. \n\nBackground\n==========\n\nOpenLDAP is an LDAP suite of application and development tools. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-nds/openldap \u003c 2.4.35 \u003e= 2.4.35\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenLDAP. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker might employ a specially crafted certificate to\nconduct man-in-the-middle attacks on SSL connections made using\nOpenLDAP, bypass security restrictions or cause a Denial of Service\ncondition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll OpenLDAP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-nds/openldap-2.4.35\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3767\n[ 2 ] CVE-2010-0211\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0211\n[ 3 ] CVE-2010-0212\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0212\n[ 4 ] CVE-2011-1024\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1024\n[ 5 ] CVE-2011-1025\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1025\n[ 6 ] CVE-2011-1081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1081\n[ 7 ] CVE-2011-4079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4079\n[ 8 ] CVE-2012-1164\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1164\n[ 9 ] CVE-2012-2668\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2668\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-36.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2010-0015\nSynopsis: VMware ESX third party updates for Service Console\nIssue date: 2010-09-30\nUpdated on: 2010-09-30 (initial release of advisory)\nCVE numbers: CVE-2010-0826 CVE-2009-3767 CVE-2010-0734\n CVE-2010-1646 CVE-2009-3555 CVE-2009-2409\n CVE-2009-3245 CVE-2010-0433\n- ------------------------------------------------------------------------\n\n1. Summary\n\n ESX 4.0 Console OS (COS) updates for NSS_db, OpenLDAP, cURL, sudo\n OpenSSL, GnuTLS, NSS and NSPR packages. \n\n2. Relevant releases\n\n VMware ESX 4.0 without patches ESX400-201009407-SG,\n ESX400-201009408-SG, ESX400-201009409-SG, ESX400-201009410-SG,\n ESX400-201009401-SG\n\n Notes:\n Effective May 2010, VMware\u0027s patch and update release program during\n Extended Support will be continued with the condition that all\n subsequent patch and update releases will be based on the latest\n baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,\n ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section\n \"End of Product Availability FAQs\" at\n http://www.vmware.com/support/policies/lifecycle/vi/faq.html for\n details. \n\n Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan\n to upgrade to at least ESX 3.5 and preferably to the newest release\n available. \n\n3. Problem Description\n\n a. Service Console update for NSS_db\n\n The service console package NSS_db is updated to version\n nss_db-2.2-35.4.el5_5. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-0826 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX affected, patch pending\n ESX 4.0 ESX ESX400-201009407-SG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n b. Service Console update for OpenLDAP\n\n The service console package OpenLDAP updated to version\n 2.3.43-12.el5. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-3767 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX affected, patch pending\n ESX 4.0 ESX ESX400-201009408-SG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n c. Service Console update for cURL\n\n The service console packages for cURL updated to version\n 7.15.5-9.el5. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-0734 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX affected, patch pending\n ESX 4.0 ESX ESX400-201009409-SG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n d. Service Console update for sudo\n\n The service console package sudo updated to version 1.7.2p1-7.el5_5. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-1646 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX affected, patch pending\n ESX 4.0 ESX ESX400-201009410-SG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n e. Service Console update for OpenSSL, GnuTLS, NSS and NSPR\n\n Service Console updates for OpenSSL to version 097a-0.9.7a-9.el5_4.2\n and version 0.9.8e-12.el5_4.6, GnuTLS to version 1.4.1-3.el5_4.8,\n and NSS to version 3.12.6-1.3235.vmw and NSPR to version\n 4.8.4-1.3235.vmw. These four updates are bundled together due to\n their mutual dependencies. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-3555, CVE-2009-2409, CVE-2009-3245\n and CVE-2010-0433 to the issues addressed in this update. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. 
\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX affected, patch pending\n ESX 4.0 ESX ESX400-201009401-SG **\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n ** Note: This patch also addresses non-security issues. See KB article\n 1023759 for details. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. \n\n ESX 4.0\n -------\n ESX400-201009001\n Download link: http://bit.ly/adhjEu\n md5sum: 988c593b7a7abf0be5b72970ac64a369\n sha1sum: 26d875955b01c19f4e56703216e135257c08836f\n http://kb.vmware.com/kb/1025321\n\n ESX400-201009001 contains the following security bulletins:\n ESX400-201009407-SG (NSS_db) | http://kb.vmware.com/kb/1023763\n ESX400-201009408-SG (OpenLDAP) | http://kb.vmware.com/kb/1023764\n ESX400-201009409-SG (cURL) | http://kb.vmware.com/kb/1023765\n ESX400-201009410-SG (sudo) | http://kb.vmware.com/kb/1023766\n ESX400-201009401-SG (OpenSSL, GnuTLS, NSS)\n | http://kb.vmware.com/kb/1023759\n\n And contains the following security bundles from VMSA-2010-0013.1:\n ESX400-201009402-SG (cpio) | http://kb.vmware.com/kb/1023760\n ESX400-201009406-SG (tar) | http://kb.vmware.com/kb/1023762\n ESX400-201009403-SG (krb5) | http://kb.vmware.com/kb/1023761\n ESX400-201009411-SG (perl) | http://kb.vmware.com/kb/1023767\n\n And also contains ESX400-201009412-BG a non-security critical update. \n\n To install an individual bulletin use esxupdate with the -b option. \n\n5. 
References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0826\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1646\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n2010-09-30 VMSA-2010-0015\nInitial security advisory after release of patches for ESX 4.0\non 2010-09-30\n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisoiries\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2010 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (MingW32)\n\niEYEARECAAYFAkykSsUACgkQS2KysvBH1xn89gCcCMcHvt1LDG9pNh5lbRmxphDg\nR2UAmQHIUDg4mWUStJolvh98eiTS140I\n=bM3K\n-----END PGP SIGNATURE-----\n. \n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers. 
\n \n The updated packages have been patched to correct this issue. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLXwOHmqjQ0CJFipgRAp7yAJ40umReJDo1Asg6BoihvuXXShK+vACeP+Vx\n9jUkR+Zs9Nl7nEVuZXdjAvw=\n=Fkxu\n-----END PGP SIGNATURE-----\n. ===========================================================\nUbuntu Security Notice USN-858-1 November 12, 2009\nopenldap2.2 vulnerability\nCVE-2009-3767\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n libldap-2.2-7 2.2.26-5ubuntu2.9\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that OpenLDAP did not correctly handle SSL certificates\nwith zero bytes in the Common Name. A remote attacker could exploit this to\nperform a man in the middle attack to view sensitive information or alter\nencrypted communications. 
\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-3767" }, { "db": "JVNDB", "id": "JVNDB-2009-002318" }, { "db": "BID", "id": "36844" }, { "db": "VULHUB", "id": "VHN-41213" }, { "db": "VULMON", "id": "CVE-2009-3767" }, { "db": "PACKETSTORM", "id": "102534" }, { "db": "PACKETSTORM", "id": "83390" }, { "db": "PACKETSTORM", "id": "127311" }, { "db": "PACKETSTORM", "id": "94383" }, { "db": "PACKETSTORM", "id": "85655" }, { "db": "PACKETSTORM", "id": "82682" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-41213", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41213" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-3767", "trust": 3.5 }, { "db": "VUPEN", "id": "ADV-2009-3056", "trust": 2.5 }, { "db": "SECUNIA", "id": "40677", "trust": 1.8 }, { "db": "SECUNIA", "id": "38769", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2010-1858", "trust": 1.7 }, { "db": "BID", "id": "36844", "trust": 1.2 }, { "db": "JVNDB", "id": 
"JVNDB-2009-002318", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200910-373", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "127311", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "85655", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "82682", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "83390", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-41213", "trust": 0.1 }, { "db": "VUPEN", "id": "2010/1858", "trust": 0.1 }, { "db": "VUPEN", "id": "2009/3056", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2009-3767", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102534", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "94383", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41213" }, { "db": "VULMON", "id": "CVE-2009-3767" }, { "db": "BID", "id": "36844" }, { "db": "JVNDB", "id": "JVNDB-2009-002318" }, { "db": "PACKETSTORM", "id": "102534" }, { "db": "PACKETSTORM", "id": "83390" }, { "db": "PACKETSTORM", "id": "127311" }, { "db": "PACKETSTORM", "id": "94383" }, { "db": "PACKETSTORM", "id": "85655" }, { "db": "PACKETSTORM", "id": "82682" }, { "db": "CNNVD", "id": "CNNVD-200910-373" }, { "db": "NVD", "id": "CVE-2009-3767" } ] }, "id": "VAR-200909-0789", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-41213" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T22:16:41.767000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "openldap-2.3.43-12.0.1.AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1020" }, { "title": "2098", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2098" }, { "title": 
"msg00165", "trust": 0.8, "url": "http://www.openldap.org/lists/openldap-bugs/200907/msg00165.html" }, { "title": "msg00166", "trust": 0.8, "url": "http://www.openldap.org/lists/openldap-bugs/200907/msg00166.html" }, { "title": "RHSA-2010:0543", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2010-0543.html" }, { "title": "Release Changes", "trust": 0.8, "url": "http://www.openldap.org/software/release/changes.html" }, { "title": "TLSA-2010-31", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-31j.txt" }, { "title": "Red Hat: Moderate: openldap security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100198 - Security Advisory" }, { "title": "Red Hat: Moderate: openldap security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100543 - Security Advisory" }, { "title": "Ubuntu Security Notice: openldap2.2 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-858-1" }, { "title": "Debian Security Advisories: DSA-1943-1 openldap openldap2.3 -- insufficient input validation", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4eea3f958ee1a68189dad698812fead3" }, { "title": "Debian CVElist Bug Report Logs: CVE-2009-3767: Doesn\u0027t properly handle NULL character in subject Common Name", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=12cb27014f8e65a04447ce80bf941573" }, { "title": "VMware Security Advisories: VMware ESX third party updates for Service Console", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=d8e6425b0cb8b545dc1e50945dafb2c0" } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-3767" }, { "db": "JVNDB", "id": "JVNDB-2009-002318" } ] }, "problemtype_data": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.1 }, { "problemtype": "CWE-310", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41213" }, { "db": "JVNDB", "id": "JVNDB-2009-002318" }, { "db": "NVD", "id": "CVE-2009-3767" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://www.vupen.com/english/advisories/2009/3056" }, { "trust": 2.0, "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2" }, { "trust": 2.0, "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8\u0026r2=1.11\u0026f=h" }, { "trust": 1.9, "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html" }, { "trust": 1.8, "url": "http://support.apple.com/kb/ht3937" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-march/036138.html" }, { "trust": 1.8, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11178" }, { "trust": 1.8, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7274" }, { "trust": 1.8, "url": "http://www.redhat.com/support/errata/rhsa-2010-0543.html" }, { "trust": 1.8, "url": "http://www.redhat.com/support/errata/rhsa-2011-0896.html" }, { "trust": 1.8, "url": "http://secunia.com/advisories/38769" }, { "trust": 1.8, "url": "http://secunia.com/advisories/40677" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" }, { "trust": 1.8, "url": 
"http://www.vupen.com/english/advisories/2010/1858" }, { "trust": 1.7, "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3767" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3767" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/36844" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3767" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100081588" }, { "trust": 0.3, "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_g.c.diff?r1=1.13\u0026r2=1.14\u0026f=h" }, { "trust": 0.3, "url": "http://www.vupen.com/english/solution-2009-3056-3.php" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2010/000106.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2010-0543.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245" }, { "trust": 0.1, "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8\u0026amp;r2=1.11\u0026amp;f=h" }, { "trust": 0.1, "url": "http://marc.info/?l=oss-security\u0026amp;m=125198917018936\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=oss-security\u0026amp;m=125369675820512\u0026amp;w=2" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/295.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2010:0198" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=19269" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/858-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1623" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2009-3560.html" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=webserver\u0026version=1.0.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3720" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1623.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1157.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2009-3767.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0013.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-7270" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4172.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0419" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0896.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4180.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2068" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0419.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3560" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2008-7270.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1452.html" }, { "trust": 0.1, "url": 
"https://www.redhat.com/security/data/cve/cve-2010-2068.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2009-3245.html" }, { "trust": 0.1, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2009-3720.html" }, { "trust": 0.1, "url": "http://docs.redhat.com/docs/en-us/jboss_enterprise_web_server/1.0/html-single/release_notes_1.0.2/index.html" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_i386.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_alpha.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_alpha.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_s390.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_powerpc.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_arm.deb" }, { "trust": 0.1, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mips.deb" }, { "trust": 0.1, 
"url": "http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_ia64.deb" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1025" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1081" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4079" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1024" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1025" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2668" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0212" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0212" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0211" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1164" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1024" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3767" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0211" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1081" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4079" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2668" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1164" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1646" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisoiries" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1023763" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0826" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2409" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0734" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1023761" }, { "trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1023764" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1023767" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3245" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0826" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1023759" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://bit.ly/adhjeu" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1023766" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1023762" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1025321" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1023765" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1023760" }, { "trust": 
0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0433" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/lifecycle/vi/faq.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_amd64.deb" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41213" }, { "db": "VULMON", "id": "CVE-2009-3767" }, { "db": "BID", "id": "36844" }, { "db": "JVNDB", "id": "JVNDB-2009-002318" }, { "db": "PACKETSTORM", "id": "102534" }, { "db": "PACKETSTORM", "id": "83390" }, { "db": "PACKETSTORM", "id": "127311" }, { "db": "PACKETSTORM", "id": "94383" }, { "db": "PACKETSTORM", "id": "85655" }, { "db": "PACKETSTORM", "id": "82682" }, { "db": "CNNVD", "id": "CNNVD-200910-373" }, { "db": "NVD", "id": "CVE-2009-3767" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-41213" }, { "db": "VULMON", "id": "CVE-2009-3767" }, { "db": "BID", "id": "36844" }, { "db": "JVNDB", "id": "JVNDB-2009-002318" }, { "db": "PACKETSTORM", "id": "102534" }, { "db": "PACKETSTORM", "id": "83390" }, { "db": "PACKETSTORM", "id": "127311" }, { "db": "PACKETSTORM", "id": "94383" }, { "db": "PACKETSTORM", "id": "85655" }, { "db": "PACKETSTORM", "id": "82682" }, { "db": "CNNVD", "id": "CNNVD-200910-373" }, { "db": "NVD", "id": "CVE-2009-3767" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-10-23T00:00:00", "db": "VULHUB", "id": "VHN-41213" }, { "date": "2009-10-23T00:00:00", "db": "VULMON", "id": "CVE-2009-3767" }, { "date": "2009-09-03T00:00:00", "db": "BID", "id": "36844" }, { "date": "2009-12-14T00:00:00", "db": "JVNDB", 
"id": "JVNDB-2009-002318" }, { "date": "2011-06-24T08:07:26", "db": "PACKETSTORM", "id": "102534" }, { "date": "2009-12-03T18:35:38", "db": "PACKETSTORM", "id": "83390" }, { "date": "2014-07-01T06:17:05", "db": "PACKETSTORM", "id": "127311" }, { "date": "2010-09-30T16:07:42", "db": "PACKETSTORM", "id": "94383" }, { "date": "2010-01-27T14:51:43", "db": "PACKETSTORM", "id": "85655" }, { "date": "2009-11-17T03:15:11", "db": "PACKETSTORM", "id": "82682" }, { "date": "2009-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-200910-373" }, { "date": "2009-10-23T19:30:00.250000", "db": "NVD", "id": "CVE-2009-3767" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-14T00:00:00", "db": "VULHUB", "id": "VHN-41213" }, { "date": "2020-10-14T00:00:00", "db": "VULMON", "id": "CVE-2009-3767" }, { "date": "2015-04-13T21:47:00", "db": "BID", "id": "36844" }, { "date": "2010-09-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-002318" }, { "date": "2021-08-16T00:00:00", "db": "CNNVD", "id": "CNNVD-200910-373" }, { "date": "2024-11-21T01:08:08.933000", "db": "NVD", "id": "CVE-2009-3767" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "82682" }, { "db": "CNNVD", "id": "CNNVD-200910-373" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenLDAP In any SSL Vulnerability impersonating a server", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002318" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-200910-373" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.