(Conectiva Issues Fix) OpenLDAP Stand-alone LDAP Server (slapd) Bug Lets Valid Remote Users Delete Attributes Without Authorization
|
|
SecurityTracker Alert ID: 1003378 |
|
SecurityTracker URL: http://securitytracker.com/id/1003378
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jan 28 2002
|
Impact:
Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.0.20; possibly prior versions
|
Description:
A vulnerability was reported in OpenLDAP's standalone LDAP server. A remote user can delete attributes without authorization.
It is reported that the stand-alone LDAP server (slapd) version 2.0.x allows entities with access to the LDAP service to make an unauthorized replacement of the values of arbitrary attributes with an empty set of values, deleting the attribute completely.
A demonstration exploit transcript is provided in the Source Message.
|
Impact:
A remote user with access to the LDAP server can delete arbitrary attributes without authorization.
|
Solution:
The vendor has released a fix and recommends that all OpenLDAP 2.0.x users upgrade their packages. If the service is already running, the upgrade will automatically restart it.
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/openldap2-2.0.21-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-2.0.21-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-devel-2.0.21-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-tests-2.0.21-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openldap-2.0.21-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-2.0.21-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-client-2.0.21-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-devel-2.0.21-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-devel-static-2.0.21-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-doc-2.0.21-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-server-2.0.21-1U70_2cl.i386.rpm
Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
(replace 6.0 with the correct version number if you are not running CL6.0)
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
|
Vendor URL: www.openldap.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Conectiva)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 28 Jan 2002 12:17:55 -0200
Subject: [conectiva-updates] [CLA-2002:459] Conectiva Linux Security Announcement - openldap
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : openldap
SUMMARY :
DATE : 2002-01-28 12:17:00
ID : CLA-2002:459
RELEVANT
RELEASES : 6.0, 7.0
- -------------------------------------------------------------------------
DESCRIPTION
OpenLDAP[1] is an LDAPv2 and LDAPv3 server available for several
platforms.
Thomas Fritz reported[3] a vulnerability in the ldap server which
could be exploited by remote attackers to delete attributes from an
object even if those attributes were protected by ACLs.
Authenticated users (in openldap versions 2.0.8 up to 2.0.19) could
issue a REPLACE command for an attribute where the new value is an
empty one, thus effectively removing the attribute if allowed by the
current schema, that is, if the attribute in question is not
mandatory. In versions prior to 2.0.8, anonymous users could do this
as well, regardless of ACLs protecting this attribute.
The OpenLDAP project has released[2] a new version to address this
vulnerability. OpenLDAP 1.2.x is not affected by this vulnerability,
only the specified 2.0.x releases.
SOLUTION
It is recommended that all OpenLDAP 2.0.x users upgrade their
packages. If the service is already running, the upgrade will
automatically restart it.
REFERENCES
1. http://www.openldap.org
2.
http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
3. http://www.openldap.org/lists/openldap-bugs/200201/msg00049.html
4. http://www.securityfocus.com/bid/3945
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/openldap2-2.0.21-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-2.0.21-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-devel-2.0.21-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-tests-2.0.21-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openldap-2.0.21-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-2.0.21-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-client-2.0.21-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-devel-2.0.21-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-devel-static-2.0.21-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-doc-2.0.21-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-server-2.0.21-1U70_2cl.i386.rpm
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
(replace 6.0 with the correct version number if you are not running CL6.0)
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8VV2S42jd0JmAcZARAvacAJ0Qf999SH6JW8Nkj0ETRaO9H/Bb4ACfRnkN
KZdyorbm6UavBkPVeSHxry4=
=6L8z
-----END PGP SIGNATURE-----
|
|
