LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 27th, 2014
Linux Advisory Watch: October 24th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: openldap2 multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian The SuSE Security Team reviewed critical parts of openldap2 and found several buffer overflows and other bugs remote attackers could exploit to gain access on systems running vulnerable LDAP servers.

--------------------------------------------------------------------------
Debian Security Advisory DSA 227-1                     security@debian.org 
http://www.debian.org/security/                             Martin Schulze
January, 13th, 2003                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : openldap2
Vulnerability  : buffer overflows and other bugs
Problem-Type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1378 CAN-2002-1379
BugTraq Id     : 6328

The SuSE Security Team reviewed critical parts of openldap2, an
implementation of the Lightweight Directory Access Protocol (LDAP)
version 2 and 3, and found several buffer overflows and other bugs
remote attackers could exploit to gain access on systems running
vulnerable LDAP servers.  In addition to these bugs, various local
exploitable bugs within the OpenLDAP2 libraries have been fixed.

For the current stable distribution (woody) these problems have been
fixed in version 2.0.23-6.3.

The old stable distribution (potato) does not contain OpenLDAP2
packages.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.27-3.

We recommend that you upgrade your openldap2 packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23-6.3.dsc
      Size/MD5 checksum:      763 45168fb49d17bcbefc2d920400705ac1
     http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23-6.3.diff.gz
      Size/MD5 checksum:    20913 f0fa8fa225ccd5ce44504811511c9ad4
     http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23.orig.tar.gz
      Size/MD5 checksum:  1302928 d13cfded502c7d2b43b3c42b4e6dd599

  Alpha architecture:

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_alpha.deb
      Size/MD5 checksum:    87630 29068d6586e62aa8141995d19d85b5f2
     http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_alpha.deb
      Size/MD5 checksum:   113812 ffe2c1b7afd49bbd45143b4d2c5738a3
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_alpha.deb
      Size/MD5 checksum:   213992 5a20e5fa07a7e64c501fce960bafb00d
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_alpha.deb
      Size/MD5 checksum:  1833542 4554c75be54f37f98062874c1fd05ef3
     http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_alpha.deb
      Size/MD5 checksum:   806478 e3ebfb7fefffdebdfc48127c53989b5a

  ARM architecture:

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_arm.deb
      Size/MD5 checksum:    65998 395356a67fc07a37cb7ff83e4f433f08
     http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_arm.deb
      Size/MD5 checksum:    90090 2d6582bca66d8d4975767e9143610617
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_arm.deb
      Size/MD5 checksum:   183032 202e9ee365ea54dab60b7b827d47b759
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_arm.deb
      Size/MD5 checksum:  1789034 7144479db1c2c8433fcd89ee6b1cd693
     http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_arm.deb
      Size/MD5 checksum:   672624 d93eddf64b805fe8ad456e1abb477237
  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_i386.deb
      Size/MD5 checksum:    65232 423b8b0b3fd8a09ef365d4ec25023d26
     http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_i386.deb
      Size/MD5 checksum:    86350 0bc201b83a18897972cecccb37beba0b
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_i386.deb
      Size/MD5 checksum:   172742 2222f508b8f6b0cf808ece56cfd639e9
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_i386.deb
      Size/MD5 checksum:  1732946 1f98f56fb5b0215788c9581cc330a77a
     http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_i386.deb
      Size/MD5 checksum:   606922 42fc1c90d802d9bc155094cd2c5b3a05

  Intel IA-64 architecture:

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_ia64.deb
      Size/MD5 checksum:    97926 102155513b8228429771ede0d79ba286
     http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_ia64.deb
      Size/MD5 checksum:   130370 c200491173f802aa79f18f6069d693a6
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_ia64.deb
      Size/MD5 checksum:   287272 bc3d117d2a5ce5472bd7c8e82415c316
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_ia64.deb
      Size/MD5 checksum:  1770604 541a1c9edbe6a16405882e222cd7a109
     http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_ia64.deb
      Size/MD5 checksum:  1055364 6f57696f2b7531f84130a70af0549b8d

  HP Precision architecture:

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_hppa.deb
      Size/MD5 checksum:    72484 204da57b2ee9c96ce1c452b7930200ed
     http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_hppa.deb
      Size/MD5 checksum:    96546 c7effeaa7614518f6fc3430377a4a5d5
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_hppa.deb
      Size/MD5 checksum:   215844 579d0e6079f28507f1ec9cb04e480eb1
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_hppa.deb
      Size/MD5 checksum:  1918820 4fe546d4d46cd60886b632454051305f
     http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_hppa.deb
      Size/MD5 checksum:   754974 33465a944d5f074d8360c6636e59a21c

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_m68k.deb
      Size/MD5 checksum:    63104 97a7ac89fa92969b337c9faac65a396f

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_m68k.deb
      Size/MD5 checksum:    82360 622b8f56215e11e8d8560a046ae6727d
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_m68k.deb
      Size/MD5 checksum:   172070 6c83f54353a1f6e4ab930534ff1d4e3f
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_m68k.deb
      Size/MD5 checksum:  1747054 ed7fb0f971840a7fa830bf8398a4d14e
     http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_m68k.deb
      Size/MD5 checksum:   549178 af67d5db8fe060084f216816d5317349

  Big endian MIPS architecture:

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_mips.deb
      Size/MD5 checksum:    71252 ec1e7143d9bee2bbbe0c51c74565539a
     http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_mips.deb
      Size/MD5 checksum:    96432 63ea165d5ced9a86f03f401ddd82bdec
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_mips.deb
      Size/MD5 checksum:   182296 7f14e28ef4cb9dc8ee4a81379a41ba43
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_mips.deb
      Size/MD5 checksum:  1740550 80ceff7b9ad86b6a271a75f02b7fc156
     http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_mips.deb
      Size/MD5 checksum:   690306 d1fcfcfb94ed45c1cc1738f650ea7791

  Little endian MIPS architecture:

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_mipsel.deb
      Size/MD5 checksum:    71024 7525d0c425e5039e9057f8ba7b33887a
     http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_mipsel.deb
      Size/MD5 checksum:    96224 5659381cf1d060a6e941fa966b0a0ee9
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_mipsel.deb
      Size/MD5 checksum:   182322 416d63e7910ac76318b044ec1822f7a5
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_mipsel.deb
      Size/MD5 checksum:  1707922 1d802562db371b06b85fb9377c243b9c
     http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_mipsel.deb
      Size/MD5 checksum:   690470 b2641844353f0e774878ed2584f3377b

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_powerpc.deb
      Size/MD5 checksum:    67354 cea40c452a90042c183d548374e3d3ab
     http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_powerpc.deb
      Size/MD5 checksum:    89190 8ba071acfbd7ce9a91547506c9f2032d
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_powerpc.deb
      Size/MD5 checksum:   190122 2ed378aced84f062d25341ea402fe432
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_powerpc.deb
      Size/MD5 checksum:  1833820 9e552d28447baff88a9513224872df4c
     http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_powerpc.deb
      Size/MD5 checksum:   659124 bd3a42e7f529ffe0ba2c14db79d4c5e9

  IBM S/390 architecture:

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_s390.deb
      Size/MD5 checksum:    68148 c092242782dc253a48bed75e64d89f73
     http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_s390.deb
      Size/MD5 checksum:    90736 4f1a07b555e2b45c2010f906cc5643b8
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_s390.deb
      Size/MD5 checksum:   185080 31f46df36b184835aa7dfa690f0e5acf
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_s390.deb
      Size/MD5 checksum:  1774464 73c0f603bccf160742f195eceda8cdaa
     http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_s390.deb
      Size/MD5 checksum:   630076 51fb890370a4ac20cc624bd098f47a1f

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_sparc.deb
      Size/MD5 checksum:    83524 3a4ecbbec28bdbece90059b279cf0b79
     http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_sparc.deb
      Size/MD5 checksum:    96442 22cd660e75d55fdacdd8f3f496018e86
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_sparc.deb
      Size/MD5 checksum:   184178 8ed0238017accfbf049df22ba8caf7e0
     http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_sparc.deb
      Size/MD5 checksum:  1793314 4ef681fc1a92aad509ed6b7697ea5ac3
     http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_sparc.deb
      Size/MD5 checksum:   633264 70f1164d9d170954a31142e3aef49f61


  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data
Hackers target unclassified White House network
BYOD: Why the biggest security worry is the fool within rather than the enemy without
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.