[ MDVSA-2015:225 ] cherokee

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:225
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : cherokee
 Date    : May 4, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated cherokee packages fix security vulnerability:
 
 The cherokee_validator_ldap_check function in validator_ldap.c in
 Cherokee  1.2.103 and earlier, when LDAP is used, does not properly
 consider unauthenticated-bind semantics, which allows remote attackers
 to bypass authentication via an empty password (CVE-2014-4668).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4668
 http://advisories.mageia.org/MGASA-2015-0181.html
 _______

007 Software

[ MDVSA-2015:225 ] cherokee

Leave a Reply Cancel reply

Software and Security Information