FKIE_CVE-2012-2668

Vulnerability from fkie_nvd - Published: 2012-06-17 03:41 - Updated: 2025-04-11 00:51
Severity ?
Summary
libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
References
secalert@redhat.comhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1151.html
secalert@redhat.comhttp://seclists.org/fulldisclosure/2019/Dec/26
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201406-36.xml
secalert@redhat.comhttp://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commitdiff%3Bh=2c2bb2e
secalert@redhat.comhttp://www.openldap.org/its/index.cgi?findid=7285
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/06/05/4
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/06/06/1
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/06/06/2
secalert@redhat.comhttp://www.securityfocus.com/bid/53823
secalert@redhat.comhttp://www.securitytracker.com/id?1027127
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=825875
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/76099
secalert@redhat.comhttps://seclists.org/bugtraq/2019/Dec/23
secalert@redhat.comhttps://support.apple.com/kb/HT210788
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1151.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Dec/26
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201406-36.xml
af854a3a-2127-422b-91ae-364da2661108http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commitdiff%3Bh=2c2bb2e
af854a3a-2127-422b-91ae-364da2661108http://www.openldap.org/its/index.cgi?findid=7285
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/06/05/4
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/06/06/1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/06/06/2
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53823
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1027127
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=825875
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/76099
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Dec/23
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT210788
Impacted products
Vendor Product Version
openldap openldap *
openldap openldap 2.4.6
openldap openldap 2.4.7
openldap openldap 2.4.8
openldap openldap 2.4.9
openldap openldap 2.4.10
openldap openldap 2.4.11
openldap openldap 2.4.12
openldap openldap 2.4.13
openldap openldap 2.4.14
openldap openldap 2.4.15
openldap openldap 2.4.16
openldap openldap 2.4.17
openldap openldap 2.4.18
openldap openldap 2.4.19
openldap openldap 2.4.20
openldap openldap 2.4.21
openldap openldap 2.4.22
openldap openldap 2.4.23
openldap openldap 2.4.24
openldap openldap 2.4.25
openldap openldap 2.4.26
openldap openldap 2.4.27
openldap openldap 2.4.28
openldap openldap 2.4.29
openldap openldap 2.4.30
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D85D909A-036F-41CB-ADA1-A374562241F8",
              "versionEndIncluding": "2.4.31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EC66226-A597-4A4C-932F-F4A7BAE119C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AEABC84-7B67-4FD4-A891-E52C80DC881E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "340F673A-295E-4B75-A9D1-E785B0440BE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "49203E99-71E2-49D4-91A0-65AAAA7DC18F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "473AEC48-FBBF-4BEB-8728-1FA80DD94807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0415EA-5F21-44C3-93F3-DDADBAA64449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AFC655-E81F-4FDE-8030-9781A8B79E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E99FB859-D023-4B2B-A709-05E83A46E2A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2EEBC7-1FAF-43E2-A124-C387C02D9E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D242E4-D5EB-4785-A6EF-60B1E8E2B0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FEDD9C-FDF7-456A-B06C-0A4A4443991D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9245CDE2-B90A-4D47-BA20-A7869FF0A645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB993E4D-E573-4495-97DE-465DDB2AA2DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F106A3-63D5-4D07-9440-6628DBA78BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "36CC03BC-DF34-43CD-90B0-27D23A1DD06A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "16C90FEE-527E-47F5-8840-517A55163D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FAEA812-BB47-47A3-A975-B3B8D30DBA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DE5D180-3972-40A0-ADAF-A4F3364D1381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD76F376-00D8-4917-BF68-6EECC316C331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7063C11-3BF5-4037-ADC3-0C7E9AF830B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAE258EA-1B57-4189-AD5A-7E2ACF223167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "C492F5F5-A6FD-4BED-890A-79254138CC0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F7FDE8-2E54-4162-AA5F-D81253AAC8FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "693E3145-FDDB-4780-886B-6D7FC7B2C5B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF32056-CC6A-4B2B-8FAA-F573445B9B99",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information."
    },
    {
      "lang": "es",
      "value": "libraries/libldap/tls_m.c en OpenLDAP, posiblemente v2.4.31 y anteriores, cuando se utiliza el \"backend\" de Mozilla NSS, siempre utiliza la suite de cifrado por defecto incluso cuando TLSCipherSuite est\u00e1 establecido, lo que podr\u00eda provocar que OpenLDAP use algoritmos de cifrado m\u00e1s d\u00e9biles que los esperados y que sea m\u00e1s f\u00e1cil para que los atacantes remotos obtener informaci\u00f3n sensible."
    }
  ],
  "id": "CVE-2012-2668",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-17T03:41:41.030",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1151.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2019/Dec/26"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commitdiff%3Bh=2c2bb2e"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openldap.org/its/index.cgi?findid=7285"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/05/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/06/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/06/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/53823"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1027127"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=825875"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76099"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://seclists.org/bugtraq/2019/Dec/23"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/kb/HT210788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1151.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Dec/26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commitdiff%3Bh=2c2bb2e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openldap.org/its/index.cgi?findid=7285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/05/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/06/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/06/06/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=825875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Dec/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT210788"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.