Lucene search
SecurityvulnsSECURITYVULNS:DOC:22791HistoryNov 13, 2009 - 12:00 a.m.
[USN-858-1] OpenLDAP vulnerability
2009-11-1300:00:00
vulners.com
19
===========================================================
Ubuntu Security Notice USN-858-1 November 12, 2009
openldap2.2 vulnerability
CVE-2009-3767
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libldap-2.2-7 2.2.26-5ubuntu2.9
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that OpenLDAP did not correctly handle SSL certificates
with zero bytes in the Common Name. A remote attacker could exploit this to
perform a man in the middle attack to view sensitive information or alter
encrypted communications.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.diff.gz
Size/MD5: 516098 098a03b4f7d511ce730e9647deca2072
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.dsc
Size/MD5: 1028 5a95dae94a1016fbcf41c1c1992ea8e6
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz
Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_amd64.deb
Size/MD5: 130854 1f1b40b12adcb557a810194d0c4f7993
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_amd64.deb
Size/MD5: 166444 500528d10502361c075a08578c1586f5
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_amd64.deb
Size/MD5: 961974 f56eef919306d6ca7f4a7a090d2ae6ba
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_i386.deb
Size/MD5: 118638 0558a833fb6eadf4d87bd9fd6e687838
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_i386.deb
Size/MD5: 146444 fc85d5259c97622324047bbda153937d
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_i386.deb
Size/MD5: 873424 358c78f76ee16010c1fb81e89adfe849
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_powerpc.deb
Size/MD5: 133012 92d9de435a795261e6bf4143f2bf59c7
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_powerpc.deb
Size/MD5: 157480 099b1ee5e158f77be109a7972587f596
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_powerpc.deb
Size/MD5: 960052 850fb56995224edd6ae329af1b8236ef
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_sparc.deb
Size/MD5: 120932 4fa0f7accd968ba71dff1f7c5b2ef811
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_sparc.deb
Size/MD5: 148546 2d1af209a8b53a8315fbd4bd86573d70
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_sparc.deb
Size/MD5: 903928 4aa6b0478821e803c80a020b031aafed
Related
redhat
redhat
(RHSA-2010:0198) Moderate: openldap security and bug fix update
2010-03-30 00:00:00
(RHSA-2010:0543) Moderate: openldap security update
2010-07-20 00:00:00
oraclelinux
oraclelinux
openldap security and bug fix update
2010-04-05 00:00:00
openldap security update
2010-07-20 00:00:00
nessus
nessus
RHEL 5 : openldap (RHSA-2010:0198)
2010-05-11 00:00:00
Debian DSA-1943-1 : openldap openldap2.3 - insufficient input validation
2010-02-24 00:00:00
Scientific Linux Security Update : openldap on SL5.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
Debian Security Advisory DSA 1943-1 (openldap openldap2.3)
2009-12-10 00:00:00
RedHat Update for openldap RHSA-2010:0198-04
2010-04-06 00:00:00
Ubuntu USN-858-1 (openldap2.2)
2009-11-17 00:00:00
cbl_mariner
cbl_mariner
CVE-2009-3767 affecting package openssl 1.1.1g-6
2021-08-11 06:39:26
CVE-2009-3767 affecting package openldap 2.4.50-1
2021-04-06 23:50:10
freebsd
freebsd
OpenLDAP -- incorrect handling of NULL in certificate Common Name
2009-08-07 00:00:00
securityvulns
securityvulns
OpenLDAP certificate spoofing
2009-11-13 00:00:00
seebug
seebug
OpenLDAP CA SSLθ―δΉ¦ιͺθ―ζΌζ΄
2009-10-27 00:00:00
debian
debian
ubuntu
ubuntu
OpenLDAP vulnerability
2009-11-12 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:44:17
fedora
fedora
[SECURITY] Fedora 11 Update: openldap-2.4.15-7.fc11
2010-03-02 01:03:33
ubuntucve
ubuntucve
CVE-2009-3767
2009-10-23 00:00:00
prion
prion
Design/Logic Flaw
2009-10-23 19:30:00
debiancve
debiancve
CVE-2009-3767
2009-10-23 19:30:00
centos
centos
compat, openldap security update
2010-07-21 19:15:25
cve
cve
CVE-2009-3767
2009-10-23 19:30:00
vmware
vmware
VMware ESX third party updates for Service Console
2010-09-30 00:00:00
VMware ESX third party updates for Service Console
2010-09-30 00:00:00
gentoo
gentoo
OpenLDAP: Multiple vulnerabilities
2014-06-30 00:00:00
Related for SECURITYVULNS:DOC:22791