Summary
The remote host is missing an update to openldap2.2 announced via advisory USN-858-1.
Solution
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS:
libldap-2.2-7 2.2.26-5ubuntu2.9
In general, a standard system upgrade is sufficient to effect the necessary changes.
https://secure1.securityspace.com/smysecure/catid.html?in=USN-858-1
Insight
It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.
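The following added example (not OpenLDAP's code and not part of the advisory) illustrates the class of flaw described above: a Common Name compared as a C string next to a length-aware check that rejects embedded zero bytes. The function names, host names and sample CN are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: a CN as stored in a certificate (explicit length),
 * with a zero byte after a trusted-looking prefix. Placeholder names. */
static const char SAMPLE_CN[] = "ldap.example.com\0.untrusted.test";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* Flawed pattern: the CN is treated as a C string, so the comparison
 * stops at the first zero byte and the rest of the name is never seen. */
int cn_matches_cstring(const char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;                 /* length recorded in the certificate ignored */
    return strcasecmp(cn, host) == 0;
}

/* Hardened pattern: reject any CN containing a zero byte, then compare
 * over the full length recorded in the certificate. */
int cn_matches_checked(const char *cn, size_t cn_len, const char *host)
{
    size_t host_len = strlen(host);

    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                 /* embedded zero byte: not a valid host name */
    if (cn_len != host_len)
        return 0;
    return strncasecmp(cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "ldap.example.com";

    printf("C-string compare accepts: %d\n",
           cn_matches_cstring(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("length-aware compare accepts: %d\n",
           cn_matches_checked(SAMPLE_CN, SAMPLE_CN_LEN, host));
    return 0;
}
```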
Severity
Classification
CVE: CVE-2009-3767
CVSS Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)