LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:	Moderate: openldap security update
Issue date:	2011-03-10
CVE Names:	CVE-2011-1024 CVE-2011-1025 CVE-2011-1081

A flaw was found in the way OpenLDAP handled authentication failures 
being passed from an OpenLDAP slave to the master. If OpenLDAP was 
configured with a chain overlay and it forwarded authentication 
failures, OpenLDAP would bind to the directory as an anonymous user and 
return success, rather than return failure on the authenticated bind. 
This could allow a user on a system that uses LDAP for authentication to 
log into a directory-based account without knowing the password. 
(CVE-2011-1024)

It was found that the OpenLDAP back-ndb back end allowed successful
authentication to the root distinguished name (DN) when any string was
provided as a password. A remote user could use this flaw to access an
OpenLDAP directory if they knew the value of the root DN. Note: This 
issue only affected OpenLDAP installations using the NDB back-end, which 
is only available for Scientific Linux 6 via third-party software. 
(CVE-2011-1025)

A flaw was found in the way OpenLDAP handled modify relative 
distinguished name (modrdn) requests. A remote, unauthenticated user 
could use this flaw to crash an OpenLDAP server via a modrdn request 
containing an empty old RDN value. (CVE-2011-1081)

After installing this update, the OpenLDAP daemons will be restarted 
automatically.

SL 6.x

      SRPMS:
openldap-2.4.19-15.el6_0.2.src.rpm
      i386:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-clients-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.i686.rpm
      x86_64:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
compat-openldap-2.4.19_2.3.43-15.el6_0.2.x86_64.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.x86_64.rpm
openldap-clients-2.4.19-15.el6_0.2.x86_64.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.x86_64.rpm

-Connie Sieh
-Troy Dawson