Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 424167 (CVE-2012-2668) - <net-nds/openldap-2.4.35 : weak cyphers lead to possible information leak (CVE-2012-2668)
Summary: <net-nds/openldap-2.4.35 : weak cyphers lead to possible information leak (CV...
Alias: CVE-2012-2668
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [glsa]
Depends on: 480304
  Show dependency tree
Reported: 2012-06-29 21:12 UTC by GLSAMaker/CVETool Bot
Modified: 2014-07-01 00:22 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2012-06-29 21:12:05 UTC
CVE-2012-2668 (
  libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when
  using the Mozilla NSS backend, always uses the default cipher suite even
  when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers
  than intended and make it easier for remote attackers to obtain sensitive
Comment 2 Sergey Popov gentoo-dev 2013-10-07 09:27:15 UTC
Added to existing GLSA draft
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-07-01 00:22:12 UTC
This issue was resolved and addressed in
 GLSA 201406-36 at
by GLSA coordinator Yury German (BlueKnight).