Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 424167 (CVE-2012-2668)

Summary: <net-nds/openldap-2.4.35 : weak cyphers lead to possible information leak (CVE-2012-2668)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: ldap-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 480304    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2012-06-29 21:12:05 UTC
CVE-2012-2668 (
  libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when
  using the Mozilla NSS backend, always uses the default cipher suite even
  when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers
  than intended and make it easier for remote attackers to obtain sensitive
Comment 2 Sergey Popov gentoo-dev 2013-10-07 09:27:15 UTC
Added to existing GLSA draft
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-07-01 00:22:12 UTC
This issue was resolved and addressed in
 GLSA 201406-36 at
by GLSA coordinator Yury German (BlueKnight).