CVE-2015-3276

First published: Wed Jul 01 2015(Updated: )

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Openldap Openldap	<2.5
Oracle Linux	=7
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=7.3
Redhat Enterprise Linux Eus	=7.4
Redhat Enterprise Linux Eus	=7.5
Redhat Enterprise Linux Eus	=7.6
Redhat Enterprise Linux Eus	=7.7
Redhat Enterprise Linux Hpc Node	=7.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.3
Redhat Enterprise Linux Server Aus	=7.4
Redhat Enterprise Linux Server Aus	=7.6
Redhat Enterprise Linux Server Aus	=7.7
Redhat Enterprise Linux Server Tus	=7.3
Redhat Enterprise Linux Server Tus	=7.6
Redhat Enterprise Linux Server Tus	=7.7
Redhat Enterprise Linux Workstation	=7.0

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=1238322

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/author
agent/references
agent/severity
agent/description
agent/tags
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2015-3276
vendor/openldap
canonical/openldap openldap
vendor/oracle
canonical/oracle linux
version/oracle linux/7
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.3
version/redhat enterprise linux eus/7.4
version/redhat enterprise linux eus/7.5
version/redhat enterprise linux eus/7.6
version/redhat enterprise linux eus/7.7
canonical/redhat enterprise linux hpc node
version/redhat enterprise linux hpc node/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.3
version/redhat enterprise linux server aus/7.4
version/redhat enterprise linux server aus/7.6
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.3
version/redhat enterprise linux server tus/7.6
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0

CVE-2015-3276

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact