LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: openldap multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Mandrake A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers.

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           openldap
Advisory ID:            MDKSA-2003:006
Date:                   January 14th, 2003

Affected versions:      8.0, 8.1, 8.2, 9.0, Multi Network Firewall 8.2
________________________________________________________________________

Problem Description:

 A review was completed by the SuSE Security Team on the OpenLDAP
 server software, and this audit revealed several buffer overflows
 and other bugs that remote attackers could exploit to gain unauthorized
 access to the system running the vulnerable OpenLDAP servers.
 Additionally, various locally exploitable bugs in the OpenLDAP v2
 libraries have been fixed as well.
________________________________________________________________________

References:
  
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1378
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1379
   http://www.suse.de/security/2002_047_openldap2.html
________________________________________________________________________

Updated Packages:
  
 Mandrake Linux 8.0:
 5afe60e1700e1209e32d8bed224863e4  8.0/RPMS/libldap2-2.0.21-2.1mdk.i586.rpm
 4e5c75fa2214a8a066dfc53ae8b78b57  8.0/RPMS/libldap2-devel-2.0.21-2.1mdk.i586.rpm
 b5bdaa88b744bb8ad30bde085aee3c04  8.0/RPMS/libldap2-devel-static-2.0.21-2.1mdk.i586.rpm
 e8abf7a43e55e890c74725e1a2363a05  8.0/RPMS/openldap-2.0.21-2.1mdk.i586.rpm
 6f02ab31e914abddb79d922b1fc6af9f  8.0/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.i586.rpm
 f344a0231aa1e625bb5dbac635084ee2  8.0/RPMS/openldap-back_ldap-2.0.21-2.1mdk.i586.rpm
 822efcb9ca3aaa9a81abefa998b46368  8.0/RPMS/openldap-back_passwd-2.0.21-2.1mdk.i586.rpm
 c9c85e5c2ce24aa6603028a680db4678  8.0/RPMS/openldap-back_sql-2.0.21-2.1mdk.i586.rpm
 cd350bdf342d6a871d3d6eb7e33b482f  8.0/RPMS/openldap-clients-2.0.21-2.1mdk.i586.rpm
 f88a18eff09569b015aa84e352de962a  8.0/RPMS/openldap-guide-2.0.21-2.1mdk.i586.rpm
 06830089ecc38489e966c93af97fc681  8.0/RPMS/openldap-migration-2.0.21-2.1mdk.i586.rpm
 986d7fa3dc5a0a323715b1aa48b6db3e  8.0/RPMS/openldap-servers-2.0.21-2.1mdk.i586.rpm
 8bb4dc6c88eead930521d14be4b3906d  8.0/SRPMS/openldap-2.0.21-2.1mdk.src.rpm

 Mandrake Linux 8.0/PPC:
 6f32c6abe98e70ea939cdb3d1f4abd56  ppc/8.0/RPMS/libldap2-2.0.21-2.1mdk.ppc.rpm
 42544b3583e8359e7efcd0faef719e54  ppc/8.0/RPMS/libldap2-devel-2.0.21-2.1mdk.ppc.rpm
 93ee41063959a438738233cff1d64c77  ppc/8.0/RPMS/libldap2-devel-static-2.0.21-2.1mdk.ppc.rpm
 921b1f2a0e980963c4190e999c691cf8  ppc/8.0/RPMS/openldap-2.0.21-2.1mdk.ppc.rpm
 0b3ba91f10d03f4fd67537ea4f6a4122  ppc/8.0/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.ppc.rpm
 b0cce34d7d6d6121460e91185067e513  ppc/8.0/RPMS/openldap-back_ldap-2.0.21-2.1mdk.ppc.rpm
 3d6ac2eac61b8db582d9621720b35331  ppc/8.0/RPMS/openldap-back_passwd-2.0.21-2.1mdk.ppc.rpm
 6dd2f9c840a416990a06e20a3cd4cd14  ppc/8.0/RPMS/openldap-back_sql-2.0.21-2.1mdk.ppc.rpm
 a549aba7d1783e495ff20f124a2d53b9  ppc/8.0/RPMS/openldap-clients-2.0.21-2.1mdk.ppc.rpm
 7deebb377f822e1a8e738859b8ef8375  ppc/8.0/RPMS/openldap-guide-2.0.21-2.1mdk.ppc.rpm
 d79018502156840b5d39138b0c589017  ppc/8.0/RPMS/openldap-migration-2.0.21-2.1mdk.ppc.rpm
 d774d8251c11f0f9c003888582e13161  ppc/8.0/RPMS/openldap-servers-2.0.21-2.1mdk.ppc.rpm
 8bb4dc6c88eead930521d14be4b3906d  ppc/8.0/SRPMS/openldap-2.0.21-2.1mdk.src.rpm

 Mandrake Linux 8.1:
 88ed5d7efba069cc5f7fff8fe1a1d70f  8.1/RPMS/libldap2-2.0.21-2.1mdk.i586.rpm
 ef00527ba370cfbcbc2299b5f5e3c694  8.1/RPMS/libldap2-devel-2.0.21-2.1mdk.i586.rpm
 8c147e051cd59fbf4a286ae30b07a484  8.1/RPMS/libldap2-devel-static-2.0.21-2.1mdk.i586.rpm
 6a49f4e20130eece4051a772b326b0f0  8.1/RPMS/openldap-2.0.21-2.1mdk.i586.rpm
 aee683dd03edac81dd1d33b9d87dc4db  8.1/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.i586.rpm
 e5336706a244dd7fcbee9b4ae6e32cb9  8.1/RPMS/openldap-back_ldap-2.0.21-2.1mdk.i586.rpm
 0414e70f89240eebbf6db4c2aadbe87d  8.1/RPMS/openldap-back_passwd-2.0.21-2.1mdk.i586.rpm
 5e2f0838ff31d68c95d1032cf9be614c  8.1/RPMS/openldap-back_sql-2.0.21-2.1mdk.i586.rpm
 80d1e74559067e98d4c87c562d045721  8.1/RPMS/openldap-clients-2.0.21-2.1mdk.i586.rpm
 f373450e50c5e358147e2ffb913ddab9  8.1/RPMS/openldap-guide-2.0.21-2.1mdk.i586.rpm
 f67d42772bf626d084f82a508f58c151  8.1/RPMS/openldap-migration-2.0.21-2.1mdk.i586.rpm
 f1c980c3eaeb7d1c1fd82c40187da0b3  8.1/RPMS/openldap-servers-2.0.21-2.1mdk.i586.rpm
 8bb4dc6c88eead930521d14be4b3906d  8.1/SRPMS/openldap-2.0.21-2.1mdk.src.rpm

 Mandrake Linux 8.1/IA64:
 9a15fc789e95f599650378c4f7569102  ia64/8.1/RPMS/libldap2-2.0.21-2.1mdk.ia64.rpm
 6825f6641c8b644ec109b84773abfa2f  ia64/8.1/RPMS/libldap2-devel-2.0.21-2.1mdk.ia64.rpm
 5f45b313da9cbef648cb2ba22c5dbc75  ia64/8.1/RPMS/libldap2-devel-static-2.0.21-2.1mdk.ia64.rpm
 8121f18a96d61e40fd269b15f1598817  ia64/8.1/RPMS/openldap-2.0.21-2.1mdk.ia64.rpm
 6f07765568c1826769c79b9c128ff579  ia64/8.1/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.ia64.rpm
 fae7c6114ddfc92f8b1e849a1fc0dcbb  ia64/8.1/RPMS/openldap-back_ldap-2.0.21-2.1mdk.ia64.rpm
 45898d8ac770b6df04f33f31805c0fcb  ia64/8.1/RPMS/openldap-back_passwd-2.0.21-2.1mdk.ia64.rpm
 5f982ce814c204d8c5f5b41624902dd9  ia64/8.1/RPMS/openldap-back_sql-2.0.21-2.1mdk.ia64.rpm
 1a954fe55feaf4422b18cd9fa13cd802  ia64/8.1/RPMS/openldap-clients-2.0.21-2.1mdk.ia64.rpm
 4292274f3cb402346b7e301e70e0c591  ia64/8.1/RPMS/openldap-guide-2.0.21-2.1mdk.ia64.rpm
 df6915efe3b96e4f6babd75d55a2f637  ia64/8.1/RPMS/openldap-migration-2.0.21-2.1mdk.ia64.rpm
 7ba11f118d4dd67809ad2a99d0fb36e0  ia64/8.1/RPMS/openldap-servers-2.0.21-2.1mdk.ia64.rpm
 8bb4dc6c88eead930521d14be4b3906d  ia64/8.1/SRPMS/openldap-2.0.21-2.1mdk.src.rpm

 Mandrake Linux 8.2:
 31dd7498be75a0c20989d6edbff69769  8.2/RPMS/libldap2-2.0.21-4.1mdk.i586.rpm
 98f9121b63e9d91ac801eb91562e6ed3  8.2/RPMS/libldap2-devel-2.0.21-4.1mdk.i586.rpm
 101a99eca850c12f875f7d7a0fd0481a  8.2/RPMS/libldap2-devel-static-2.0.21-4.1mdk.i586.rpm
 32269987f55e49fff5ae729b595314e9  8.2/RPMS/openldap-2.0.21-4.1mdk.i586.rpm
 9871abad0f376979b30cae96139378f7  8.2/RPMS/openldap-back_dnssrv-2.0.21-4.1mdk.i586.rpm
 85a08af9ed8f15f7e8a84445af71bd5a  8.2/RPMS/openldap-back_ldap-2.0.21-4.1mdk.i586.rpm
 a73664f25aad73f4e43cbe1cebc6966c  8.2/RPMS/openldap-back_passwd-2.0.21-4.1mdk.i586.rpm
 3d4e28cd285ba83a9c808bf1dfdd1fc4  8.2/RPMS/openldap-back_sql-2.0.21-4.1mdk.i586.rpm
 16bc47eeb22672ef457087edd7a4e46b  8.2/RPMS/openldap-clients-2.0.21-4.1mdk.i586.rpm
 db5d460fa1bc21821ef3d2dc2f72e692  8.2/RPMS/openldap-guide-2.0.21-4.1mdk.i586.rpm
 b9b66439e8a8b4208a07591ed66b5dbb  8.2/RPMS/openldap-migration-2.0.21-4.1mdk.i586.rpm
 639be00a1a3c9e56759e5ba29f61d1f8  8.2/RPMS/openldap-servers-2.0.21-4.1mdk.i586.rpm
 cb89f972abd81097100bc05e7cd41fcb  8.2/SRPMS/openldap-2.0.21-4.1mdk.src.rpm

 Mandrake Linux 8.2/PPC:
 d4320e60ca3db0054e4a6d478ec42d50  ppc/8.2/RPMS/libldap2-2.0.21-4.1mdk.ppc.rpm
 ee569f5f8b345b4af00cb3a2b82d38ce  ppc/8.2/RPMS/libldap2-devel-2.0.21-4.1mdk.ppc.rpm
 9e6fb85573ab4361147fbff6958c9f1a  ppc/8.2/RPMS/libldap2-devel-static-2.0.21-4.1mdk.ppc.rpm
 ad73f95dc5022b12f41160934c27c36b  ppc/8.2/RPMS/openldap-2.0.21-4.1mdk.ppc.rpm
 2fee29a243ff1024fedd011c6b885c34  ppc/8.2/RPMS/openldap-back_dnssrv-2.0.21-4.1mdk.ppc.rpm
 de61155cf89941ac0a82fe4b2d7e629b  ppc/8.2/RPMS/openldap-back_ldap-2.0.21-4.1mdk.ppc.rpm
 2104d2776764d9a29a17da37d57f2911  ppc/8.2/RPMS/openldap-back_passwd-2.0.21-4.1mdk.ppc.rpm
 65040221b19ad9f5ec586f56b3bad493  ppc/8.2/RPMS/openldap-back_sql-2.0.21-4.1mdk.ppc.rpm
 755c51173127dc685cb75cf9a0f91cfe  ppc/8.2/RPMS/openldap-clients-2.0.21-4.1mdk.ppc.rpm
 71284648ef634f3e39109957245748fc  ppc/8.2/RPMS/openldap-guide-2.0.21-4.1mdk.ppc.rpm
 71d6408a3f2604c8836a9fe647057b60  ppc/8.2/RPMS/openldap-migration-2.0.21-4.1mdk.ppc.rpm
 b7a12cc1a6f1e0d0d66c1c9c2f53bd2a  ppc/8.2/RPMS/openldap-servers-2.0.21-4.1mdk.ppc.rpm
 cb89f972abd81097100bc05e7cd41fcb  ppc/8.2/SRPMS/openldap-2.0.21-4.1mdk.src.rpm

 Mandrake Linux 9.0:
 102ca496ebebc6c97ba8d3a69e00b9d5  9.0/RPMS/libldap2-2.0.25-7.1mdk.i586.rpm
 86372052e6077d2fa6765f117b84f619  9.0/RPMS/libldap2-devel-2.0.25-7.1mdk.i586.rpm
 757534b445f2a8994bb7d598a2476290  9.0/RPMS/libldap2-devel-static-2.0.25-7.1mdk.i586.rpm
 e4d93db53f8fa193dbb7fd1b5b4754a5  9.0/RPMS/openldap-2.0.25-7.1mdk.i586.rpm
 f086b7ced2e0a82b95f4e30454eefff2  9.0/RPMS/openldap-back_dnssrv-2.0.25-7.1mdk.i586.rpm
 4ea977bcb5d2a81dcbc9a04d8a4e7f6a  9.0/RPMS/openldap-back_ldap-2.0.25-7.1mdk.i586.rpm
 13849054f7b81ba72ce43bae49873df1  9.0/RPMS/openldap-back_passwd-2.0.25-7.1mdk.i586.rpm
 38cd1230470b9bc5ba2c0753e02e606a  9.0/RPMS/openldap-back_sql-2.0.25-7.1mdk.i586.rpm
 bf63a8b7dd78f47528a3a90411be4d3b  9.0/RPMS/openldap-clients-2.0.25-7.1mdk.i586.rpm
 32309fa668e037cc07dd9525e760d580  9.0/RPMS/openldap-guide-2.0.25-7.1mdk.i586.rpm
 b580692d2d45ad3132bdfce40c7774f0  9.0/RPMS/openldap-migration-2.0.25-7.1mdk.i586.rpm
 dc7bbbad1dfa8fd83b4e0cdd243f09cc  9.0/RPMS/openldap-servers-2.0.25-7.1mdk.i586.rpm
 3e2d88fee3f8f4024e833ae1897959ec  9.0/SRPMS/openldap-2.0.25-7.1mdk.src.rpm

 Multi Network Firewall 8.2:
 31dd7498be75a0c20989d6edbff69769  mnf8.2/RPMS/libldap2-2.0.21-4.1mdk.i586.rpm
 cb89f972abd81097100bc05e7cd41fcb  mnf8.2/SRPMS/openldap-2.0.21-4.1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

   http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig 

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

   http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

   http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.