LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated openldap packages fixes buffer overflow vulnerability. Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A stack-based buffer overflow in st.c in slurpd for OpenLDAP might allow attackers to execute arbitrary code via a long hostname. Packages have been patched to correct this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:096
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : openldap
 Date    : June 7, 2006
 Affected: 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A stack-based buffer overflow in st.c in slurpd for OpenLDAP might allow 
 attackers to execute arbitrary code via a long hostname.
 
 Packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2754
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 8a281bec432238a1f5b551ca9512bbe4  10.2/RPMS/libldap2.2_7-2.2.23-5.2.102mdk.i586.rpm
 8da883025099c4a0a2d84e231537eb06  10.2/RPMS/libldap2.2_7-devel-2.2.23-5.2.102mdk.i586.rpm
 e3d33c67cde6e42954855597bc8cbeb7  10.2/RPMS/libldap2.2_7-static-devel-2.2.23-5.2.102mdk.i586.rpm
 39d447d7cfe1905f367866106e0a93c3  10.2/RPMS/openldap-2.2.23-5.2.102mdk.i586.rpm
 7cf3ba7abc86585f2b20643a5534bc3e  10.2/RPMS/openldap-clients-2.2.23-5.2.102mdk.i586.rpm
 0a392204252086e1f69e66a743651370  10.2/RPMS/openldap-doc-2.2.23-5.2.102mdk.i586.rpm
 8e30d69b6f1d7a089f1f7888be736152  10.2/RPMS/openldap-migration-2.2.23-5.2.102mdk.i586.rpm
 5721773fc4cb14db7cbd86ec80fa2026  10.2/RPMS/openldap-servers-2.2.23-5.2.102mdk.i586.rpm
 d8ef3d7bf845b64d066ef932f7cef9ad  10.2/SRPMS/openldap-2.2.23-5.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 98a53d8c9a96b099e2870e5bcdbe70cc  x86_64/10.2/RPMS/lib64ldap2.2_7-2.2.23-5.2.102mdk.x86_64.rpm
 8c0b72d44fc6286ef03740166a5fed0c  x86_64/10.2/RPMS/lib64ldap2.2_7-devel-2.2.23-5.2.102mdk.x86_64.rpm
 a4e8ab2d4bdc1f9bc150197d1d28eba3  x86_64/10.2/RPMS/lib64ldap2.2_7-static-devel-2.2.23-5.2.102mdk.x86_64.rpm
 8a281bec432238a1f5b551ca9512bbe4  x86_64/10.2/RPMS/libldap2.2_7-2.2.23-5.2.102mdk.i586.rpm
 8da883025099c4a0a2d84e231537eb06  x86_64/10.2/RPMS/libldap2.2_7-devel-2.2.23-5.2.102mdk.i586.rpm
 e3d33c67cde6e42954855597bc8cbeb7  x86_64/10.2/RPMS/libldap2.2_7-static-devel-2.2.23-5.2.102mdk.i586.rpm
 09c1d4441880e7614efd28e0ce068721  x86_64/10.2/RPMS/openldap-2.2.23-5.2.102mdk.x86_64.rpm
 9705881b0d0f255782a3611de6ffb760  x86_64/10.2/RPMS/openldap-clients-2.2.23-5.2.102mdk.x86_64.rpm
 1583f53a26007650c8678fa6814f03ae  x86_64/10.2/RPMS/openldap-doc-2.2.23-5.2.102mdk.x86_64.rpm
 7184f0b73575647b498f0590cd089493  x86_64/10.2/RPMS/openldap-migration-2.2.23-5.2.102mdk.x86_64.rpm
 c1025ea947b00cdebcd419fc817597ae  x86_64/10.2/RPMS/openldap-servers-2.2.23-5.2.102mdk.x86_64.rpm
 d8ef3d7bf845b64d066ef932f7cef9ad  x86_64/10.2/SRPMS/openldap-2.2.23-5.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 ea8791b7c1d68b6d909b2400fb33319f  2006.0/RPMS/libldap2.3_0-2.3.6-4.1.20060mdk.i586.rpm
 703493c59b9f4d461e61ef728124005f  2006.0/RPMS/libldap2.3_0-devel-2.3.6-4.1.20060mdk.i586.rpm
 9efdee4dc7c3648022d7db3ff032273e  2006.0/RPMS/libldap2.3_0-static-devel-2.3.6-4.1.20060mdk.i586.rpm
 e1bea8e181354cb9491412df980a55b5  2006.0/RPMS/openldap-2.3.6-4.1.20060mdk.i586.rpm
 affa5cab856fe9a9c402136b8246cf53  2006.0/RPMS/openldap-clients-2.3.6-4.1.20060mdk.i586.rpm
 5daac277569ffbac8995288ff0aeaced  2006.0/RPMS/openldap-doc-2.3.6-4.1.20060mdk.i586.rpm
 a7ecd79a95ff817a349b032796332300  2006.0/RPMS/openldap-servers-2.3.6-4.1.20060mdk.i586.rpm
 56f8cf3e40ab9ded4965b9e2ca528de3  2006.0/SRPMS/openldap-2.3.6-4.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 9808e28b5610e1eddd845db8ccee1f20  x86_64/2006.0/RPMS/lib64ldap2.3_0-2.3.6-4.1.20060mdk.x86_64.rpm
 baf930097e1da0a4de75bfaef046025b  x86_64/2006.0/RPMS/lib64ldap2.3_0-devel-2.3.6-4.1.20060mdk.x86_64.rpm
 790382e365cd57aaea323be85419e512  x86_64/2006.0/RPMS/lib64ldap2.3_0-static-devel-2.3.6-4.1.20060mdk.x86_64.rpm
 ea8791b7c1d68b6d909b2400fb33319f  x86_64/2006.0/RPMS/libldap2.3_0-2.3.6-4.1.20060mdk.i586.rpm
 703493c59b9f4d461e61ef728124005f  x86_64/2006.0/RPMS/libldap2.3_0-devel-2.3.6-4.1.20060mdk.i586.rpm
 9efdee4dc7c3648022d7db3ff032273e  x86_64/2006.0/RPMS/libldap2.3_0-static-devel-2.3.6-4.1.20060mdk.i586.rpm
 1bc7a0a1c76fda9e647061ae541c39a0  x86_64/2006.0/RPMS/openldap-2.3.6-4.1.20060mdk.x86_64.rpm
 71770a09aeaf8d37b7e0c37ee5e84182  x86_64/2006.0/RPMS/openldap-clients-2.3.6-4.1.20060mdk.x86_64.rpm
 40c969879aa467374342f0f8d597f564  x86_64/2006.0/RPMS/openldap-doc-2.3.6-4.1.20060mdk.x86_64.rpm
 30ec0d98e7dd4a6289cb972517254ffd  x86_64/2006.0/RPMS/openldap-servers-2.3.6-4.1.20060mdk.x86_64.rpm
 56f8cf3e40ab9ded4965b9e2ca528de3  x86_64/2006.0/SRPMS/openldap-2.3.6-4.1.20060mdk.src.rpm

 Corporate 3.0:
 9f5b3d6bc1939e9cddc067b52a5c6905  corporate/3.0/RPMS/libldap2-2.1.25-7.2.C30mdk.i586.rpm
 b145cedba5b300c27153caa7b35c7e33  corporate/3.0/RPMS/libldap2-devel-2.1.25-7.2.C30mdk.i586.rpm
 37a25f61f47bbbde4d228784bde24813  corporate/3.0/RPMS/libldap2-devel-static-2.1.25-7.2.C30mdk.i586.rpm
 290216ecd86c48f1d433572e9c854484  corporate/3.0/RPMS/openldap-2.1.25-7.2.C30mdk.i586.rpm
 abdd42a6c4dc54290e03b51f57adf875  corporate/3.0/RPMS/openldap-back_dnssrv-2.1.25-7.2.C30mdk.i586.rpm
 701c6b5f6462c96a8aaff141637fa242  corporate/3.0/RPMS/openldap-back_ldap-2.1.25-7.2.C30mdk.i586.rpm
 0ca611e9d5a3eee7e999fc9947e09864  corporate/3.0/RPMS/openldap-back_passwd-2.1.25-7.2.C30mdk.i586.rpm
 19adeb4cac1e48d9549458fe7313ff7c  corporate/3.0/RPMS/openldap-back_sql-2.1.25-7.2.C30mdk.i586.rpm
 41a1f32492dbc4c122e95a4dd84a0feb  corporate/3.0/RPMS/openldap-clients-2.1.25-7.2.C30mdk.i586.rpm
 9b9c504105bc677244d1090f8c5bb5b2  corporate/3.0/RPMS/openldap-doc-2.1.25-7.2.C30mdk.i586.rpm
 f2902676cc7a397207281c829c27e6d1  corporate/3.0/RPMS/openldap-migration-2.1.25-7.2.C30mdk.i586.rpm
 731c1b97a63a45ba756772760c59c6c0  corporate/3.0/RPMS/openldap-servers-2.1.25-7.2.C30mdk.i586.rpm
 70f8323a5b1ee7cace35153eb8a4a977  corporate/3.0/SRPMS/openldap-2.1.25-7.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 ea6b0511387ed89a04dcf814ba5d4174  x86_64/corporate/3.0/RPMS/lib64ldap2-2.1.25-7.2.C30mdk.x86_64.rpm
 d5b1e13a6947c55a0e4fcce2e91b23f7  x86_64/corporate/3.0/RPMS/lib64ldap2-devel-2.1.25-7.2.C30mdk.x86_64.rpm
 b4f1b6d44fd41861a75aa92aaafef04e  x86_64/corporate/3.0/RPMS/lib64ldap2-devel-static-2.1.25-7.2.C30mdk.x86_64.rpm
 08dfbb1f3eac003c4635031295cc791f  x86_64/corporate/3.0/RPMS/openldap-2.1.25-7.2.C30mdk.x86_64.rpm
 ca206f54b9573076cee3a7eaabadd418  x86_64/corporate/3.0/RPMS/openldap-back_dnssrv-2.1.25-7.2.C30mdk.x86_64.rpm
 aa7ee91e2f51298c19b1d13c643c1a3c  x86_64/corporate/3.0/RPMS/openldap-back_ldap-2.1.25-7.2.C30mdk.x86_64.rpm
 76388eb3fb21ad49c5f60deb309f8055  x86_64/corporate/3.0/RPMS/openldap-back_passwd-2.1.25-7.2.C30mdk.x86_64.rpm
 44d4127e8a071b4a4384e5e5d00abdb6  x86_64/corporate/3.0/RPMS/openldap-back_sql-2.1.25-7.2.C30mdk.x86_64.rpm
 afc55cc7cc9b5b1d2d0d78328c71cef6  x86_64/corporate/3.0/RPMS/openldap-clients-2.1.25-7.2.C30mdk.x86_64.rpm
 58397772050830e56cada4a725923422  x86_64/corporate/3.0/RPMS/openldap-doc-2.1.25-7.2.C30mdk.x86_64.rpm
 a63018c5425a741cd9161efff32f1e06  x86_64/corporate/3.0/RPMS/openldap-migration-2.1.25-7.2.C30mdk.x86_64.rpm
 138f61cb6117553b8766ef1a806f07bc  x86_64/corporate/3.0/RPMS/openldap-servers-2.1.25-7.2.C30mdk.x86_64.rpm
 70f8323a5b1ee7cace35153eb8a4a977  x86_64/corporate/3.0/SRPMS/openldap-2.1.25-7.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.