Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-2668
Last Modified 07 Sep 2012 12:29:41
Published 16 Jun 2012 11:41:41
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2668

Summary

libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.

Vulnerable Systems

Application

  • OpenLDAP 2.4.10

  • OpenLDAP 2.4.11

  • OpenLDAP 2.4.12

  • OpenLDAP 2.4.13

  • OpenLDAP 2.4.14

  • OpenLDAP 2.4.15

  • OpenLDAP 2.4.16

  • OpenLDAP 2.4.17

  • OpenLDAP 2.4.18

  • OpenLDAP 2.4.19

  • OpenLDAP 2.4.20

  • OpenLDAP 2.4.21

  • OpenLDAP 2.4.22

  • OpenLDAP 2.4.23

  • OpenLDAP 2.4.24

  • OpenLDAP 2.4.25

  • OpenLDAP 2.4.26

  • OpenLDAP 2.4.27

  • OpenLDAP 2.4.28

  • OpenLDAP 2.4.29

  • OpenLDAP 2.4.30

  • OpenLDAP 2.4.31

  • OpenLDAP 2.4.6

  • OpenLDAP 2.4.7

  • OpenLDAP 2.4.8

  • OpenLDAP 2.4.9


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=825875

XF - openldap-nss-weak-security(76099)

SECTRACK - 1027127

BID - 53823

MLIST - [oss-security] 20120606 Re: CVE request: openldap does not honor TLSCipherSuite configuration option

MLIST - [oss-security] 20120605 Re: CVE request: openldap does not honor TLSCipherSuite configuration option

MLIST - [oss-security] 20120605 CVE request: openldap does not honor TLSCipherSuite configuration option

CONFIRM - http://www.openldap.org/its/index.cgi?findid=7285

CONFIRM - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=2c2bb2e

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309

REDHAT - RHSA-2012:1151


Last Updated: 27 May 2016 10:56:32