LinuxSecurity.com
RedHat: Low: openldap security update
Posted by Benjamin D. Thomas
Updated openldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. A flaw was found in the way OpenLDAP handled selfwrite access. Users with selfwrite access were able to modify the distinguished name of any user.
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: openldap security update
Advisory ID:       RHSA-2007:0310-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0310.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-4600 
---------------------------------------------------------------------

1. Summary:

Updated openldap packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat 
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled selfwrite access. Users with
selfwrite access were able to modify the distinguished name of any user.
(CVE-2006-4600)

All users are advised to upgrade to these updated openldap packages, which
contain a backported patch to correct this issue.
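
A defensive audit for exposure to the flaw described above, added here as an example (not Red Hat's or OpenLDAP's code): it lists the slapd.conf ACL clauses that grant selfwrite, which are the rules to review until the update is applied. The function names and the sample configuration are constructed for illustration, and the parser assumes the classic slapd.conf `access to <what> by <who> <access>` syntax.

```python
import shlex

# Constructed sample slapd.conf ACL section (not taken from the advisory).
SAMPLE_CONF = '''
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to dn.subtree="ou=Groups,dc=example,dc=com" attrs=member,entry
    by dnattr=member selfwrite
    by users read
# access to * by users selfwrite
    by * none
'''

def logical_lines(text):
    # slapd.conf: a line starting with whitespace continues the previous
    # line, even when that previous line is a comment.
    joined = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    return [line for line in joined if not line.startswith("#")]

def selfwrite_grants(conf_text):
    """Return (what, who) for each 'by' clause whose access level is selfwrite."""
    findings = []
    for line in logical_lines(conf_text):
        tokens = shlex.split(line)  # keeps a quoted DN with spaces as one token
        by_at = [i for i, t in enumerate(tokens) if t.lower() == "by"]
        if [t.lower() for t in tokens[:2]] != ["access", "to"] or not by_at:
            continue
        what = " ".join(tokens[2:by_at[0]])
        for start, end in zip(by_at, by_at[1:] + [len(tokens)]):
            clause = tokens[start + 1:end]
            lowered = [t.lower() for t in clause]
            if "selfwrite" in lowered:  # 'by self write' is two tokens, not a match
                findings.append((what, " ".join(clause[:lowered.index("selfwrite")])))
    return findings

if __name__ == "__main__":
    for what, who in selfwrite_grants(SAMPLE_CONF):
        print(f"selfwrite granted on [{what}] to [{who}]")
```

An empty result means no ACL in the supplied text grants selfwrite; any rule it does report should be reviewed for who can reach it.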

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

205826 - CVE-2006-4600 openldap improper selfwrite access

6. RPMs required:


These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 