Release date:
Updated on:
Affected Systems:
OpenLDAP
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53823
Cve id: CVE-2012-2668
OpenLDAP is an open-source Lightweight Directory Access Protocol (LDAP) implementation.
OpenLDAP uses the default password group when using NSS even after TLSCipherSuite is selected. A security vulnerability exists in implementation. Successful exploitation of this vulnerability allows attackers to obtain sensitive information.
<* Source: Tim Strobell
Link: http://www.openldap.org/its/index.cgi? Findid = 7285
Http://www.openldap.org/devel/gitweb.cgi? P = openldap. git; a = commitdiff; h = 2c2bb2e
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenLDAP
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.openldap.org/software/release/changes.html