The remote host is missing Security Update 2004-09-07.  This security update fixes the following components :

  - CoreFoundation
  - IPSec
  - Kerberos
  - libpcap
  - lukemftpd
  - NetworkConfig
  - OpenLDAP
  - OpenSSH
  - PPPDialer
  - rsync
  - Safari
  - tcpdump

These applications contain multiple vulnerabilities that may allow a remote attacker to execute arbitrary code.

Updated openldap and nss_ldap packages that correct a potential password disclosure issue are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.

The nss_ldap module is an extension for use with GNU libc which allows applications to, without internal modification, consult a directory service using LDAP to supplement information that would be read from local files such as /etc/passwd, /etc/group, and /etc/shadow.

A bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP servers. If a client connection is referred to a different server, it is possible that the referred connection will not be encrypted even if the client has 'ssl start_tls' in its ldap.conf file. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2069 to this issue.

A bug was also found in the way certain OpenLDAP authentication schemes store hashed passwords. A remote attacker could re-use a hashed password to gain access to unauthorized resources. The Common Vulnerabilities and Exposures project has assigned the name CVE-2004-0823 to this issue.

All users of OpenLDAP and nss_ldap are advised to upgrade to these updated packages, which contain backported fixes that resolve these issues.

The remote host is missing Apple's Security Update 2004-09-07. This security update fixes the following components: CoreFoundation, IPSec, Kerberos, libpcap, lukemftpd, NetworkConfig, OpenLDAP, OpenSSH, PPPDialer, rsync, Safari and tcpdump

The remote Apple QuickTime Server is reported prone to a remote Denial of Service (DoS) attack.  The details of the attack are currently unknown.  An attacker with access to the specific attack vectors would be able to impact the availability of the server. 

The remote host is using a version of the Apache web server that is less than 2.0.50.  This version is vulnerable to two (2) remote Denial of Service (DoS) attacks.  The first issue stems from a failure to properly manage memory and could lead to the consumption of massive amounts of memory and, alledgedly,a potential heap overflow.  The second issue stems from mod_ssl's inability to handle sessions that terminate before any bytes of data have been sent.  This second flaw results in a memory violation that leads to a loss of availability to valid users. 

ID	Name	Product	Family	Published	Updated	Severity
14676	Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)	Nessus	MacOS X Local Security Checks	9/8/2004	5/28/2024	high
20044	RHEL 2.1 / 3 : openldap and nss_ldap (RHSA-2005:751)	Nessus	Red Hat Local Security Checks	10/19/2005	1/14/2021	high
21852	CentOS 3 : openldap / nss_ldap (CESA-2005:751)	Nessus	CentOS Local Security Checks	7/3/2006	1/4/2021	high
2274	Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)	Nessus Network Monitor	Web Clients	9/9/2004	3/6/2019	medium
2764	Apple QuickTime Streaming Server < 5.0.3.2 DoS (deprecated)	Nessus Network Monitor	Generic	3/24/2005	6/1/2015	medium
2744	Apache < 2.0.50 Input Header Folding and mod_ssl DoS	Nessus Network Monitor	Web Servers	3/23/2005	3/6/2019	medium
800578	Apache < 2.0.50 Input Header Folding and mod_ssl DoS	Log Correlation Engine	Web Servers			medium
800802	Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)	Log Correlation Engine	Operating System Detection			high

Detections

Analytics

Plugins Search

high

high

high

medium

medium

medium

medium

high