LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

March 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA March 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: openldap on SL6.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Fri, 11 Mar 2011 10:25:37 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (54 lines)

Synopsis:	Moderate: openldap security update
Issue date:	2011-03-10
CVE Names:	CVE-2011-1024 CVE-2011-1025 CVE-2011-1081

A flaw was found in the way OpenLDAP handled authentication failures 
being passed from an OpenLDAP slave to the master. If OpenLDAP was 
configured with a chain overlay and it forwarded authentication 
failures, OpenLDAP would bind to the directory as an anonymous user and 
return success, rather than return failure on the authenticated bind. 
This could allow a user on a system that uses LDAP for authentication to 
log into a directory-based account without knowing the password. 
(CVE-2011-1024)

It was found that the OpenLDAP back-ndb back end allowed successful
authentication to the root distinguished name (DN) when any string was
provided as a password. A remote user could use this flaw to access an
OpenLDAP directory if they knew the value of the root DN. Note: This 
issue only affected OpenLDAP installations using the NDB back-end, which 
is only available for Scientific Linux 6 via third-party software. 
(CVE-2011-1025)

A flaw was found in the way OpenLDAP handled modify relative 
distinguished name (modrdn) requests. A remote, unauthenticated user 
could use this flaw to crash an OpenLDAP server via a modrdn request 
containing an empty old RDN value. (CVE-2011-1081)

After installing this update, the OpenLDAP daemons will be restarted 
automatically.

SL 6.x

      SRPMS:
openldap-2.4.19-15.el6_0.2.src.rpm
      i386:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-clients-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.i686.rpm
      x86_64:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
compat-openldap-2.4.19_2.3.43-15.el6_0.2.x86_64.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.x86_64.rpm
openldap-clients-2.4.19-15.el6_0.2.x86_64.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV