SecurityTracker.com

SecurityTracker
Archives
Category:   Application (Directory)  >   OpenLDAP
Vendors:   OpenLDAP.org
(Caldera Issues Fix) OpenLDAP Stand-alone LDAP Server (slapd) Bug Lets Valid Remote Users Delete Attributes Without Authorization
SecurityTracker Alert ID:  1003486
SecurityTracker URL:  http://securitytracker.com/id/1003486
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 8 2002
Impact:   Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.0.20; possibly prior versions
Description:   A vulnerability was reported in OpenLDAP's standalone LDAP server. A remote user can delete attributes without authorization.

It is reported that the stand-alone LDAP server (slapd) version 2.0.x allows entities with access to the LDAP service to make an unauthorized replacement of the values of arbitrary attributes with an empty set of values, deleting the attribute completely.

A demonstration exploit transcript is provided in the Source Message.

Impact:   A remote user with access to the LDAP server can delete arbitrary attributes without authorization.
Solution:   The vendor has released a fix.

For OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

The verification checksums are:

b333cf77ecde92a6c3b6e4c313361e09 RPMS/openldap-2.0.11-11S.i386.rpm
360db3b5a0f9d0321b00ff0f87b82597 RPMS/openldap-devel-2.0.11-11S.i386.rpm
998057cac63c831a98cdf95aa3836618 SRPMS/openldap-2.0.11-11S.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh openldap-2.0.11-11S.i386.rpm \
openldap-devel-2.0.11-11S.i386.rpm

! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart

For OpenLinux 3.1 Server:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

The verification checksums are:

9f26a9aeece05e9b105ad91dc7a42e81 RPMS/openldap-2.0.11-11.i386.rpm
c9d647ce4c4e32504f8e4dc591abf913 RPMS/openldap-devel-2.0.11-11.i386.rpm
9c711fcadd57f4438804f28f9f093ff1 SRPMS/openldap-2.0.11-11.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh openldap-2.0.11-11.i386.rpm \
openldap-devel-2.0.11-11.i386.rpm

! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart

For OpenLinux 3.1 Workstation:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

The verification checksums are:

9f26a9aeece05e9b105ad91dc7a42e81 RPMS/openldap-2.0.11-11.i386.rpm
c9d647ce4c4e32504f8e4dc591abf913 RPMS/openldap-devel-2.0.11-11.i386.rpm
9c711fcadd57f4438804f28f9f093ff1 SRPMS/openldap-2.0.11-11.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh openldap-2.0.11-11.i386.rpm \
openldap-devel-2.0.11-11.i386.rpm

! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart

For OpenLinux 3.1 IA64:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/SRPMS

The verification checksums are:

8930f4659c778991f12e2321db0c15f1 RPMS/openldap-2.0.11-11.ia64.rpm
40057a2bc591a7ea7b3fbd9f30a38ffb RPMS/openldap-devel-2.0.11-11.ia64.rpm
9c711fcadd57f4438804f28f9f093ff1 SRPMS/openldap-2.0.11-11.src.rpm


Upgrade the affected packages with the following commands:

rpm -Fvh openldap-2.0.11-11.ia64.rpm \
openldap-devel-2.0.11-11.ia64.rpm

! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart

For OpenLinux 3.1.1 Server:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

The verification checksums are:

6063e436317e63de7d7dfd1d6ab11e47 RPMS/openldap-2.0.11-11.i386.rpm
886b4f5106c4fd116a1e8a5a51a90f53 RPMS/openldap-devel-2.0.11-11.i386.rpm
9c711fcadd57f4438804f28f9f093ff1 SRPMS/openldap-2.0.11-11.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh openldap-2.0.11-11.i386.rpm \
openldap-devel-2.0.11-11.i386.rpm

! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart

For OpenLinux 3.1.1 Workstation:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

The verification checksums are:

6063e436317e63de7d7dfd1d6ab11e47 RPMS/openldap-2.0.11-11.i386.rpm
886b4f5106c4fd116a1e8a5a51a90f53 RPMS/openldap-devel-2.0.11-11.i386.rpm
9c711fcadd57f4438804f28f9f093ff1 SRPMS/openldap-2.0.11-11.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh openldap-2.0.11-11.i386.rpm \
openldap-devel-2.0.11-11.i386.rpm

! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart

Vendor URL:  www.openldap.org/
Cause:   Access control error
Underlying OS:  Linux (Caldera/SCO)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 16 2002 OpenLDAP Stand-alone LDAP Server (slapd) Bug Lets Valid Remote Users Delete Attributes Without Authorization

Source Message Contents

Subject:  Security Update [CSSA-2002-001.0] Linux - OpenLDAP attribute deletion problem


______________________________________________________________________________
		   Caldera International, Inc.  Security Advisory

Subject:		Linux - OpenLDAP attribute deletion problem
Advisory number: 	CSSA-2002-001.0
Issue date: 		2002, January 16
Cross reference:
______________________________________________________________________________


1. Problem Description

   Recently a security flaw was discovered in OpenLDAP 2.0.19 slapd(8)
   regarding application of access controls upon modify operations issued
   by authenticated users. Specifically, slapd(8) did not disallow a
   replace with no values from deleting the attribute which was protected
   by ACLs (if such was allowed by checked schema rules). That is, this
   flaw allowed any authenticated user to delete any non-mandatory
   attribute of an object. In 2.0 versions prior to 2.0.8, this flaw is
   NOT restricted to authenticated users (that is, anonymous users can
   abuse the flaw as well).
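As an added illustration (not Caldera's or OpenLDAP's code), the Python model below reproduces the access-control logic the advisory describes: a modify "replace" whose value list is empty slips past a per-value check and wipes the attribute, while the hardened check treats it as a deletion that needs write access on the attribute itself. The entry, ACL, DNs and required-attribute schema are all constructed for the example.

```python
# Added example: a toy model of slapd's access check for an LDAP modify
# "replace", built from the advisory's description (not OpenLDAP's source).
# It shows why a replace that carries no values must be authorised as a
# deletion of the attribute's existing values.

# Schema for the example (constructed): attributes the object class
# requires; the server refuses to remove these regardless of ACLs.
REQUIRED_ATTRS = {"objectClass", "cn", "sn"}

def access_allowed(acl, who, attr):
    """acl maps attribute name -> set of DNs granted write access."""
    return who in acl.get(attr, set())

def check_replace_vulnerable(acl, who, attr, values):
    """Flawed check modelled on 2.0.19: access is tested per supplied value,
    so a replace with an empty value list is never tested at all."""
    return all(access_allowed(acl, who, attr) for _ in values)

def check_replace_fixed(acl, who, attr, values):
    """Hardened check: an empty replace removes the existing values, so it
    needs write access on the attribute itself, not just on supplied values."""
    if not values:
        return access_allowed(acl, who, attr)
    return all(access_allowed(acl, who, attr) for _ in values)

def apply_replace(entry, acl, who, attr, values, check):
    """Apply one replace modification to entry (attr -> list of values) and
    return an LDAP-style result name."""
    if not check(acl, who, attr, values):
        return "insufficientAccessRights"
    if not values and attr in REQUIRED_ATTRS and attr in entry:
        return "objectClassViolation"  # schema forbids removing a MUST attribute
    if values:
        entry[attr] = list(values)
    else:
        entry.pop(attr, None)
    return "success"

def demo(check):
    """Constructed scenario: authenticated user bob sends a replace with no
    values for another entry's admin-only telephoneNumber. Returns (result, entry)."""
    entry = {"objectClass": ["person"], "cn": ["Alice"], "sn": ["Example"],
             "telephoneNumber": ["+1 555 0100"]}
    acl = {"telephoneNumber": {"cn=admin,dc=example,dc=com"}}
    return apply_replace(entry, acl, "cn=bob,dc=example,dc=com",
                         "telephoneNumber", [], check), entry
```

Running `demo(check_replace_vulnerable)` deletes telephoneNumber and reports success; `demo(check_replace_fixed)` returns insufficientAccessRights and leaves the entry untouched.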


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3                 not vulnerable                
   
   OpenLinux eServer 2.3.1       All packages previous to      
   and OpenLinux eBuilder        openldap-2.0.11-11S           
   
   OpenLinux eDesktop 2.4        not vulnerable                
   
   OpenLinux Server 3.1          All packages previous to      
                                 openldap-2.0.11-11            
   
   OpenLinux Workstation 3.1     All packages previous to      
                                 openldap-2.0.11-11            
   
   OpenLinux 3.1 IA64            All packages previous to      
                                 openldap-2.0.11-11            
   
   OpenLinux Server 3.1.1        All packages previous to      
                                 openldap-2.0.11-11            
   
   OpenLinux Workstation         All packages previous to      
   3.1.1                         openldap-2.0.11-11            
   


3. Solution

   Workaround

     none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

    not vulnerable

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

    5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       b333cf77ecde92a6c3b6e4c313361e09  RPMS/openldap-2.0.11-11S.i386.rpm
       360db3b5a0f9d0321b00ff0f87b82597  RPMS/openldap-devel-2.0.11-11S.i386.rpm
       998057cac63c831a98cdf95aa3836618  SRPMS/openldap-2.0.11-11S.src.rpm
       

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh openldap-2.0.11-11S.i386.rpm \
              openldap-devel-2.0.11-11S.i386.rpm
         
         ! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart

6. OpenLinux eDesktop 2.4

    not vulnerable

7. OpenLinux 3.1 Server

    7.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

   7.2 Verification

       9f26a9aeece05e9b105ad91dc7a42e81  RPMS/openldap-2.0.11-11.i386.rpm
       c9d647ce4c4e32504f8e4dc591abf913  RPMS/openldap-devel-2.0.11-11.i386.rpm
       9c711fcadd57f4438804f28f9f093ff1  SRPMS/openldap-2.0.11-11.src.rpm
       

   7.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh openldap-2.0.11-11.i386.rpm \
              openldap-devel-2.0.11-11.i386.rpm
         
         ! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart

8. OpenLinux 3.1 Workstation

    8.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

   8.2 Verification

       9f26a9aeece05e9b105ad91dc7a42e81  RPMS/openldap-2.0.11-11.i386.rpm
       c9d647ce4c4e32504f8e4dc591abf913  RPMS/openldap-devel-2.0.11-11.i386.rpm
       9c711fcadd57f4438804f28f9f093ff1  SRPMS/openldap-2.0.11-11.src.rpm
       

   8.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh openldap-2.0.11-11.i386.rpm \
              openldap-devel-2.0.11-11.i386.rpm
         
         ! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart

9. OpenLinux 3.1 IA64

    9.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/SRPMS

   9.2 Verification

       8930f4659c778991f12e2321db0c15f1  RPMS/openldap-2.0.11-11.ia64.rpm
       40057a2bc591a7ea7b3fbd9f30a38ffb  RPMS/openldap-devel-2.0.11-11.ia64.rpm
       9c711fcadd57f4438804f28f9f093ff1  SRPMS/openldap-2.0.11-11.src.rpm
       

   9.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh openldap-2.0.11-11.ia64.rpm \
              openldap-devel-2.0.11-11.ia64.rpm
         
         ! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart

10. OpenLinux 3.1.1 Server

    10.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

   10.2 Verification

       6063e436317e63de7d7dfd1d6ab11e47  RPMS/openldap-2.0.11-11.i386.rpm
       886b4f5106c4fd116a1e8a5a51a90f53  RPMS/openldap-devel-2.0.11-11.i386.rpm
       9c711fcadd57f4438804f28f9f093ff1  SRPMS/openldap-2.0.11-11.src.rpm
       

   10.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh openldap-2.0.11-11.i386.rpm \
              openldap-devel-2.0.11-11.i386.rpm
         
         ! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart

11. OpenLinux 3.1.1 Workstation

    11.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

   11.2 Verification

       6063e436317e63de7d7dfd1d6ab11e47  RPMS/openldap-2.0.11-11.i386.rpm
       886b4f5106c4fd116a1e8a5a51a90f53  RPMS/openldap-devel-2.0.11-11.i386.rpm
       9c711fcadd57f4438804f28f9f093ff1  SRPMS/openldap-2.0.11-11.src.rpm
       

   11.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh openldap-2.0.11-11.i386.rpm \
              openldap-devel-2.0.11-11.i386.rpm
         
         ! test -f /var/lock/subsys/ldap || /etc/rc.d/init.d/ldap restart
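The verification and install steps above, as an added Python helper (not from the advisory) that checks downloaded packages against a checksum list in the advisory's "<md5>  <path>" format and only assembles the rpm -Fvh command when every listed package verifies; the sample directory and its file are constructed inside the block.

```python
# Added example (not part of the advisory): verify downloaded packages against
# the advisory's "<md5>  <path>" list before running rpm -Fvh.
import hashlib, os, tempfile

def parse_checksum_list(text):
    """Parse lines like '9c711fc...  SRPMS/openldap-2.0.11-11.src.rpm'."""
    expected = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # blank or malformed line
        digest, path = parts
        if len(digest) != 32 or set(digest.lower()) - set("0123456789abcdef"):
            raise ValueError(f"not an MD5 digest: {digest!r}")
        expected[path] = digest.lower()
    return expected

def md5_of_file(path):
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()

def verify_packages(checksum_text, base_dir):
    """Return {path: 'ok' | 'mismatch' | 'missing'} for each listed package."""
    report = {}
    for rel_path, digest in parse_checksum_list(checksum_text).items():
        full = os.path.join(base_dir, rel_path)
        if not os.path.isfile(full):
            report[rel_path] = "missing"
        else:
            report[rel_path] = "ok" if md5_of_file(full) == digest else "mismatch"
    return report

def rpm_upgrade_command(report):
    """Build ['rpm', '-Fvh', ...] only when every package verified; else None."""
    if not report or any(status != "ok" for status in report.values()):
        return None
    return ["rpm", "-Fvh"] + [os.path.basename(p) for p in report]

def demo():
    """Constructed sample tree: one file with a known MD5, one listed file absent."""
    base = tempfile.mkdtemp()
    os.makedirs(os.path.join(base, "RPMS"))
    with open(os.path.join(base, "RPMS", "sample.rpm"), "wb") as f:
        f.write(b"hello\n")  # MD5 b1946ac92492d2347c6235b4d2611184
    listing = ("b1946ac92492d2347c6235b4d2611184 RPMS/sample.rpm\n"
               "d41d8cd98f00b204e9800998ecf8427e RPMS/absent.rpm\n")
    return verify_packages(listing, base)
```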


12. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 11338.


13. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________

Copyright 2020, SecurityGlobal.net LLC