U-185: OpenLDAP May Ignore TLSCipherSuite Setting in Some Cases

June 7, 2012 - 7:00am

PROBLEM:

OpenLDAP May Ignore TLSCipherSuite Setting in Some Cases.

PLATFORM:

Linux (Any), UNIX (Any)

ABSTRACT:

A vulnerability was reported in OpenLDAP. The system may use a weaker cipher suite than specified.

Reference Links:

SecurityTracker ID 1027127
CVE-2012-2668
Vendor URL

IMPACT ASSESSMENT:

Medium

Discussion:

When the Mozilla NSS backend is used, the OpenLDAP software ignores the TLSCipherSuite setting and instead uses the default cipher suite, which may contain some weak ciphers. The vulnerability resides in 'libraries/libldap/tls_m.c'.

Impact:

The system may use weaker ciphers than specified in the configuration file.

Solution:

The vendor has issued a source code fix, available at: Openldap.org
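
One way to check that a server honors its TLSCipherSuite setting is to compare the cipher negotiated on a test connection against the set the configured string expands to. The following is an added example, not code from the advisory or from OpenLDAP; the sample slapd.conf text, the function names and the negotiated cipher names passed in are constructed, and it assumes the directive uses OpenSSL-style cipher strings.

```python
import re
import ssl

# Constructed sample slapd.conf fragment (not taken from the advisory).
SAMPLE_SLAPD_CONF = """\
# TLS settings
TLSCertificateFile /etc/openldap/certs/server.pem
TLSCipherSuite HIGH:!aNULL:!MD5
"""


def configured_spec(conf_text):
    """Return the first TLSCipherSuite value in slapd.conf text, or None."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*TLSCipherSuite\s+(\S+)", line, re.IGNORECASE)
        if m:
            return m.group(1).strip('"')
    return None


def allowed_ciphers(spec):
    """Expand an OpenSSL-style cipher string using the local OpenSSL build.

    Note: TLS 1.3 suites are always present in the result, because
    set_ciphers() only controls TLS 1.2 and earlier suites.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)  # raises ssl.SSLError if nothing matches
    return {c["name"] for c in ctx.get_ciphers()}


def violates_policy(conf_text, negotiated):
    """True if the negotiated cipher is outside the configured set.

    `negotiated` is the OpenSSL cipher name observed on a test connection
    to the server (supplied by the caller; no network access happens here).
    """
    spec = configured_spec(conf_text)
    if spec is None:
        raise ValueError("no TLSCipherSuite directive found")
    return negotiated not in allowed_ciphers(spec)


if __name__ == "__main__":
    for name in ("ECDHE-RSA-AES256-GCM-SHA384", "DES-CBC-SHA"):
        status = "VIOLATION" if violates_policy(SAMPLE_SLAPD_CONF, name) else "ok"
        print(f"{name}: {status}")
```

A violation reported for a cipher the server actually negotiated means the configured restriction is not being enforced, which is the condition this advisory describes.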