Vulnerability Details CVE-2012-2668
libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309
- http://rhn.redhat.com/errata/RHSA-2012-1151.html
- http://seclists.org/fulldisclosure/2019/Dec/26
- http://security.gentoo.org/glsa/glsa-201406-36.xml
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commitdiff%3Bh=2c2bb2e
- http://www.openldap.org/its/index.cgi?findid=7285
- http://www.openwall.com/lists/oss-security/2012/06/05/4
- http://www.openwall.com/lists/oss-security/2012/06/06/1
- http://www.openwall.com/lists/oss-security/2012/06/06/2
- http://www.securityfocus.com/bid/53823
- http://www.securitytracker.com/id?1027127
- https://bugzilla.redhat.com/show_bug.cgi?id=825875
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76099
- https://seclists.org/bugtraq/2019/Dec/23
- https://support.apple.com/kb/HT210788
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309
- http://rhn.redhat.com/errata/RHSA-2012-1151.html
- http://seclists.org/fulldisclosure/2019/Dec/26
- http://security.gentoo.org/glsa/glsa-201406-36.xml
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commitdiff%3Bh=2c2bb2e
- http://www.openldap.org/its/index.cgi?findid=7285
- http://www.openwall.com/lists/oss-security/2012/06/05/4
- http://www.openwall.com/lists/oss-security/2012/06/06/1
- http://www.openwall.com/lists/oss-security/2012/06/06/2
- http://www.securityfocus.com/bid/53823
- http://www.securitytracker.com/id?1027127
- https://bugzilla.redhat.com/show_bug.cgi?id=825875
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76099
- https://seclists.org/bugtraq/2019/Dec/23
- https://support.apple.com/kb/HT210788
Products affected by CVE-2012-2668
-
cpe:2.3:a:openldap:openldap:-
-
cpe:2.3:a:openldap:openldap:2.0
-
cpe:2.3:a:openldap:openldap:2.3.29
-
cpe:2.3:a:openldap:openldap:2.4
-
cpe:2.3:a:openldap:openldap:2.4.10
-
cpe:2.3:a:openldap:openldap:2.4.11
-
cpe:2.3:a:openldap:openldap:2.4.12
-
cpe:2.3:a:openldap:openldap:2.4.13
-
cpe:2.3:a:openldap:openldap:2.4.14
-
cpe:2.3:a:openldap:openldap:2.4.15
-
cpe:2.3:a:openldap:openldap:2.4.16
-
cpe:2.3:a:openldap:openldap:2.4.17
-
cpe:2.3:a:openldap:openldap:2.4.18
-
cpe:2.3:a:openldap:openldap:2.4.19
-
cpe:2.3:a:openldap:openldap:2.4.20
-
cpe:2.3:a:openldap:openldap:2.4.21
-
cpe:2.3:a:openldap:openldap:2.4.22
-
cpe:2.3:a:openldap:openldap:2.4.23
-
cpe:2.3:a:openldap:openldap:2.4.24
-
cpe:2.3:a:openldap:openldap:2.4.25
-
cpe:2.3:a:openldap:openldap:2.4.26
-
cpe:2.3:a:openldap:openldap:2.4.27
-
cpe:2.3:a:openldap:openldap:2.4.28
-
cpe:2.3:a:openldap:openldap:2.4.29
-
cpe:2.3:a:openldap:openldap:2.4.30
-
cpe:2.3:a:openldap:openldap:2.4.31
-
cpe:2.3:a:openldap:openldap:2.4.6
-
cpe:2.3:a:openldap:openldap:2.4.7
-
cpe:2.3:a:openldap:openldap:2.4.8
-
cpe:2.3:a:openldap:openldap:2.4.9