Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in openldap
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in openldap
ID: RHSA-2007:0310-02
Distribution: Red Hat
Plattformen: Red Hat Enterprise Linux
Datum: Di, 1. Mai 2007, 20:13
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
Applikationen: OpenLDAP

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: openldap security update
Advisory ID: RHSA-2007:0310-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0310.html
Issue date: 2007-05-01
Updated on: 2007-05-01
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-4600
- ---------------------------------------------------------------------

1. Summary:

A updated openldap packages that fix a security flaw is now available for
Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled selfwrite access. Users with
selfwrite access were able to modify the distinguished name of any user.
(CVE-2006-4600)

All users are advised to upgrade to these updated openldap packages, which
contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

205826 - CVE-2006-4600 openldap improper selfwrite access

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
openldap-2.2.13-7.4E.src.rpm
6361da4ab6394b05ddeadc0f098a2920 openldap-2.2.13-7.4E.src.rpm

i386:
734452591616549fbf73e17b2271bd3e compat-openldap-2.1.30-7.4E.i386.rpm
ba9170df21f098d47d0b20f2398a0d75 openldap-2.2.13-7.4E.i386.rpm
90de80e2d54e308fab31def982778336 openldap-clients-2.2.13-7.4E.i386.rpm
884c17ce1c3288dbcd46db1c41307bab openldap-debuginfo-2.2.13-7.4E.i386.rpm
e7b2ebb7053cd2de3b6580e60a776030 openldap-devel-2.2.13-7.4E.i386.rpm
3c5405ebd50dba9c33eab8827c7b86d7 openldap-servers-2.2.13-7.4E.i386.rpm
9f09549a4bac7a15985e5c68d0e64f93 openldap-servers-sql-2.2.13-7.4E.i386.rpm

ia64:
734452591616549fbf73e17b2271bd3e compat-openldap-2.1.30-7.4E.i386.rpm
67c1abbff376926a8ce8a349dcadc4c4 compat-openldap-2.1.30-7.4E.ia64.rpm
ba9170df21f098d47d0b20f2398a0d75 openldap-2.2.13-7.4E.i386.rpm
91ae8d90eadd2f44f94eea1e7f4de242 openldap-2.2.13-7.4E.ia64.rpm
8b2b1f0763d68f0ba99ae7024a1007cc openldap-clients-2.2.13-7.4E.ia64.rpm
884c17ce1c3288dbcd46db1c41307bab openldap-debuginfo-2.2.13-7.4E.i386.rpm
b764f9481a14c3b3a04c6705baa247f4 openldap-debuginfo-2.2.13-7.4E.ia64.rpm
c31c0bc8b3fb33ff5c2586e8d532a1c6 openldap-devel-2.2.13-7.4E.ia64.rpm
deef986e4e80960f184abcdfcb8b916d openldap-servers-2.2.13-7.4E.ia64.rpm
f7d8e7436f307fe825921f6e44914d5b openldap-servers-sql-2.2.13-7.4E.ia64.rpm

ppc:
d437ed52cb1c0d3861defe3dce935edb compat-openldap-2.1.30-7.4E.ppc.rpm
7b48354b2a8d879adc2ce085797a2218 compat-openldap-2.1.30-7.4E.ppc64.rpm
98821d96824cc4c4354e4aae625b0a60 openldap-2.2.13-7.4E.ppc.rpm
922e9b90bc704cc0dc579d72a2d478be openldap-2.2.13-7.4E.ppc64.rpm
e7d9d75e050437294e14c9e42d8d5f55 openldap-clients-2.2.13-7.4E.ppc.rpm
0ec5d83989b01e933099dd05d08c9d80 openldap-debuginfo-2.2.13-7.4E.ppc.rpm
117a66cc0e60ac4fae355ad3e0532635 openldap-debuginfo-2.2.13-7.4E.ppc64.rpm
295354e11427e192a92e49746c2b8800 openldap-devel-2.2.13-7.4E.ppc.rpm
14c8cc18be701894afc82b6880ace4af openldap-servers-2.2.13-7.4E.ppc.rpm
53a9c2088328b47c14319aa80d24e38a openldap-servers-sql-2.2.13-7.4E.ppc.rpm

s390:
bf383f13cf7864a820f8a926c3e98a18 compat-openldap-2.1.30-7.4E.s390.rpm
8a4788f71401843555b552a2e4633184 openldap-2.2.13-7.4E.s390.rpm
523f83037bbafc8a5738adc56e797c11 openldap-clients-2.2.13-7.4E.s390.rpm
0009f97a89c9e9645b811f881ff3855a openldap-debuginfo-2.2.13-7.4E.s390.rpm
07e54e63f580aa63a9434eeb23f5177d openldap-devel-2.2.13-7.4E.s390.rpm
3f30a3153ae36d729d2400865e0e4535 openldap-servers-2.2.13-7.4E.s390.rpm
78c1c932920f29f1d4850c291e9174a5 openldap-servers-sql-2.2.13-7.4E.s390.rpm

s390x:
bf383f13cf7864a820f8a926c3e98a18 compat-openldap-2.1.30-7.4E.s390.rpm
d50525d3e4a082c1b42d694850d85309 compat-openldap-2.1.30-7.4E.s390x.rpm
8a4788f71401843555b552a2e4633184 openldap-2.2.13-7.4E.s390.rpm
c97e87d1230100bdef87955bdbe844b2 openldap-2.2.13-7.4E.s390x.rpm
61bc7a53da94a42c3ce1b5c71abf50e1 openldap-clients-2.2.13-7.4E.s390x.rpm
0009f97a89c9e9645b811f881ff3855a openldap-debuginfo-2.2.13-7.4E.s390.rpm
4c9e64292dea0c474bf18ed213d2a704 openldap-debuginfo-2.2.13-7.4E.s390x.rpm
21dc01c8fbc94cb6952c75fbde1c07db openldap-devel-2.2.13-7.4E.s390x.rpm
4f4175522ab7e72bfb1f2998bae5ec76 openldap-servers-2.2.13-7.4E.s390x.rpm
3a45d711f7630f9e95b881ad53727eb4 openldap-servers-sql-2.2.13-7.4E.s390x.rpm

x86_64:
734452591616549fbf73e17b2271bd3e compat-openldap-2.1.30-7.4E.i386.rpm
0857e9c56f0e0b1a79d030095c8bacfc compat-openldap-2.1.30-7.4E.x86_64.rpm
ba9170df21f098d47d0b20f2398a0d75 openldap-2.2.13-7.4E.i386.rpm
de900974e30e11b6c377d40e4f8e39e8 openldap-2.2.13-7.4E.x86_64.rpm
959a8a1685419b90724959c823c068e1 openldap-clients-2.2.13-7.4E.x86_64.rpm
884c17ce1c3288dbcd46db1c41307bab openldap-debuginfo-2.2.13-7.4E.i386.rpm
5fc9f3152530ee8c217ef0a0daef4b93 openldap-debuginfo-2.2.13-7.4E.x86_64.rpm
8f9f3f89468bd592c97fe1287905ecda openldap-devel-2.2.13-7.4E.x86_64.rpm
112dbb50c82fcd6545b03568b62b2159 openldap-servers-2.2.13-7.4E.x86_64.rpm
469c3b1f539bca8b76b7a97856ca6ec9 openldap-servers-sql-2.2.13-7.4E.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
openldap-2.2.13-7.4E.src.rpm
6361da4ab6394b05ddeadc0f098a2920 openldap-2.2.13-7.4E.src.rpm

i386:
734452591616549fbf73e17b2271bd3e compat-openldap-2.1.30-7.4E.i386.rpm
ba9170df21f098d47d0b20f2398a0d75 openldap-2.2.13-7.4E.i386.rpm
90de80e2d54e308fab31def982778336 openldap-clients-2.2.13-7.4E.i386.rpm
884c17ce1c3288dbcd46db1c41307bab openldap-debuginfo-2.2.13-7.4E.i386.rpm
e7b2ebb7053cd2de3b6580e60a776030 openldap-devel-2.2.13-7.4E.i386.rpm
3c5405ebd50dba9c33eab8827c7b86d7 openldap-servers-2.2.13-7.4E.i386.rpm
9f09549a4bac7a15985e5c68d0e64f93 openldap-servers-sql-2.2.13-7.4E.i386.rpm

x86_64:
734452591616549fbf73e17b2271bd3e compat-openldap-2.1.30-7.4E.i386.rpm
0857e9c56f0e0b1a79d030095c8bacfc compat-openldap-2.1.30-7.4E.x86_64.rpm
ba9170df21f098d47d0b20f2398a0d75 openldap-2.2.13-7.4E.i386.rpm
de900974e30e11b6c377d40e4f8e39e8 openldap-2.2.13-7.4E.x86_64.rpm
959a8a1685419b90724959c823c068e1 openldap-clients-2.2.13-7.4E.x86_64.rpm
884c17ce1c3288dbcd46db1c41307bab openldap-debuginfo-2.2.13-7.4E.i386.rpm
5fc9f3152530ee8c217ef0a0daef4b93 openldap-debuginfo-2.2.13-7.4E.x86_64.rpm
8f9f3f89468bd592c97fe1287905ecda openldap-devel-2.2.13-7.4E.x86_64.rpm
112dbb50c82fcd6545b03568b62b2159 openldap-servers-2.2.13-7.4E.x86_64.rpm
469c3b1f539bca8b76b7a97856ca6ec9 openldap-servers-sql-2.2.13-7.4E.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
openldap-2.2.13-7.4E.src.rpm
6361da4ab6394b05ddeadc0f098a2920 openldap-2.2.13-7.4E.src.rpm

i386:
734452591616549fbf73e17b2271bd3e compat-openldap-2.1.30-7.4E.i386.rpm
ba9170df21f098d47d0b20f2398a0d75 openldap-2.2.13-7.4E.i386.rpm
90de80e2d54e308fab31def982778336 openldap-clients-2.2.13-7.4E.i386.rpm
884c17ce1c3288dbcd46db1c41307bab openldap-debuginfo-2.2.13-7.4E.i386.rpm
e7b2ebb7053cd2de3b6580e60a776030 openldap-devel-2.2.13-7.4E.i386.rpm
3c5405ebd50dba9c33eab8827c7b86d7 openldap-servers-2.2.13-7.4E.i386.rpm
9f09549a4bac7a15985e5c68d0e64f93 openldap-servers-sql-2.2.13-7.4E.i386.rpm

ia64:
734452591616549fbf73e17b2271bd3e compat-openldap-2.1.30-7.4E.i386.rpm
67c1abbff376926a8ce8a349dcadc4c4 compat-openldap-2.1.30-7.4E.ia64.rpm
ba9170df21f098d47d0b20f2398a0d75 openldap-2.2.13-7.4E.i386.rpm
91ae8d90eadd2f44f94eea1e7f4de242 openldap-2.2.13-7.4E.ia64.rpm
8b2b1f0763d68f0ba99ae7024a1007cc openldap-clients-2.2.13-7.4E.ia64.rpm
884c17ce1c3288dbcd46db1c41307bab openldap-debuginfo-2.2.13-7.4E.i386.rpm
b764f9481a14c3b3a04c6705baa247f4 openldap-debuginfo-2.2.13-7.4E.ia64.rpm
c31c0bc8b3fb33ff5c2586e8d532a1c6 openldap-devel-2.2.13-7.4E.ia64.rpm
deef986e4e80960f184abcdfcb8b916d openldap-servers-2.2.13-7.4E.ia64.rpm
f7d8e7436f307fe825921f6e44914d5b openldap-servers-sql-2.2.13-7.4E.ia64.rpm

x86_64:
734452591616549fbf73e17b2271bd3e compat-openldap-2.1.30-7.4E.i386.rpm
0857e9c56f0e0b1a79d030095c8bacfc compat-openldap-2.1.30-7.4E.x86_64.rpm
ba9170df21f098d47d0b20f2398a0d75 openldap-2.2.13-7.4E.i386.rpm
de900974e30e11b6c377d40e4f8e39e8 openldap-2.2.13-7.4E.x86_64.rpm
959a8a1685419b90724959c823c068e1 openldap-clients-2.2.13-7.4E.x86_64.rpm
884c17ce1c3288dbcd46db1c41307bab openldap-debuginfo-2.2.13-7.4E.i386.rpm
5fc9f3152530ee8c217ef0a0daef4b93 openldap-debuginfo-2.2.13-7.4E.x86_64.rpm
8f9f3f89468bd592c97fe1287905ecda openldap-devel-2.2.13-7.4E.x86_64.rpm
112dbb50c82fcd6545b03568b62b2159 openldap-servers-2.2.13-7.4E.x86_64.rpm
469c3b1f539bca8b76b7a97856ca6ec9 openldap-servers-sql-2.2.13-7.4E.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
openldap-2.2.13-7.4E.src.rpm
6361da4ab6394b05ddeadc0f098a2920 openldap-2.2.13-7.4E.src.rpm

i386:
734452591616549fbf73e17b2271bd3e compat-openldap-2.1.30-7.4E.i386.rpm
ba9170df21f098d47d0b20f2398a0d75 openldap-2.2.13-7.4E.i386.rpm
90de80e2d54e308fab31def982778336 openldap-clients-2.2.13-7.4E.i386.rpm
884c17ce1c3288dbcd46db1c41307bab openldap-debuginfo-2.2.13-7.4E.i386.rpm
e7b2ebb7053cd2de3b6580e60a776030 openldap-devel-2.2.13-7.4E.i386.rpm
3c5405ebd50dba9c33eab8827c7b86d7 openldap-servers-2.2.13-7.4E.i386.rpm
9f09549a4bac7a15985e5c68d0e64f93 openldap-servers-sql-2.2.13-7.4E.i386.rpm

ia64:
734452591616549fbf73e17b2271bd3e compat-openldap-2.1.30-7.4E.i386.rpm
67c1abbff376926a8ce8a349dcadc4c4 compat-openldap-2.1.30-7.4E.ia64.rpm
ba9170df21f098d47d0b20f2398a0d75 openldap-2.2.13-7.4E.i386.rpm
91ae8d90eadd2f44f94eea1e7f4de242 openldap-2.2.13-7.4E.ia64.rpm
8b2b1f0763d68f0ba99ae7024a1007cc openldap-clients-2.2.13-7.4E.ia64.rpm
884c17ce1c3288dbcd46db1c41307bab openldap-debuginfo-2.2.13-7.4E.i386.rpm
b764f9481a14c3b3a04c6705baa247f4 openldap-debuginfo-2.2.13-7.4E.ia64.rpm
c31c0bc8b3fb33ff5c2586e8d532a1c6 openldap-devel-2.2.13-7.4E.ia64.rpm
deef986e4e80960f184abcdfcb8b916d openldap-servers-2.2.13-7.4E.ia64.rpm
f7d8e7436f307fe825921f6e44914d5b openldap-servers-sql-2.2.13-7.4E.ia64.rpm

x86_64:
734452591616549fbf73e17b2271bd3e compat-openldap-2.1.30-7.4E.i386.rpm
0857e9c56f0e0b1a79d030095c8bacfc compat-openldap-2.1.30-7.4E.x86_64.rpm
ba9170df21f098d47d0b20f2398a0d75 openldap-2.2.13-7.4E.i386.rpm
de900974e30e11b6c377d40e4f8e39e8 openldap-2.2.13-7.4E.x86_64.rpm
959a8a1685419b90724959c823c068e1 openldap-clients-2.2.13-7.4E.x86_64.rpm
884c17ce1c3288dbcd46db1c41307bab openldap-debuginfo-2.2.13-7.4E.i386.rpm
5fc9f3152530ee8c217ef0a0daef4b93 openldap-debuginfo-2.2.13-7.4E.x86_64.rpm
8f9f3f89468bd592c97fe1287905ecda openldap-devel-2.2.13-7.4E.x86_64.rpm
112dbb50c82fcd6545b03568b62b2159 openldap-servers-2.2.13-7.4E.x86_64.rpm
469c3b1f539bca8b76b7a97856ca6ec9 openldap-servers-sql-2.2.13-7.4E.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN37xXlSAg2UNWIIRAndJAJ93Ba3gS8cjY9+KXMJyjXSakuIBgQCeNN+i
EBikfoyOw6IDIWz4Gz/rCko=
=deuZ
-----END PGP SIGNATURE-----



--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung