Mangelnde Rechteprüfung in openldap
ID: | RHSA-2007:0430-01 |
Distribution: | Red Hat |
Plattformen: | Red Hat Enterprise Linux |
Datum: | Mo, 11. Juni 2007, 20:00 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600 |
Applikationen: | OpenLDAP |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Low: openldap security and bug-fix update Advisory ID: RHSA-2007:0430-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0430.html Issue date: 2007-06-07 Updated on: 2007-06-11 Product: Red Hat Enterprise Linux CVE Names: CVE-2006-4600 - --------------------------------------------------------------------- 1. Summary: A updated openldap packages that fix a security flaw and a memory leak bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications, libraries and development tools. A flaw was found in the way OpenLDAP handled selfwrite access. Users with selfwrite access were able to modify the distinguished name of any user. Users with selfwrite access should only be able to modify their own distinguished name. (CVE-2006-4600) A memory leak bug was found in OpenLDAP's ldap_start_tls_s() function. An application using this function could result in an Out Of Memory (OOM) condition, crashing the application. All users are advised to upgrade to this updated openldap package, which contains a backported fix and is not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 174830 - ldap_start_tls_s() leaks 234222 - CVE-2006-4600 openldap improper selfwrite access 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openldap-2.0.27-23.src.rpm 721067ddef48cd17a6bd7e0abe02f1e9 openldap-2.0.27-23.src.rpm i386: 76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm 9c7db12d4f759980e68c91518ac16e11 openldap-clients-2.0.27-23.i386.rpm c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm cb9621e2fcb1df0c6846b75df581dc43 openldap-devel-2.0.27-23.i386.rpm b25d30b22f05c54f7b3a8b47bdd72c81 openldap-servers-2.0.27-23.i386.rpm ia64: 76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm 335726afe643e27affccda635c134294 openldap-2.0.27-23.ia64.rpm e5182b0087ecc39c7587501f813fc434 openldap-clients-2.0.27-23.ia64.rpm c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm 8aba8bda246579270a49ac77f28c3031 openldap-debuginfo-2.0.27-23.ia64.rpm b154bf80b33f1d373df7ef7e5991752e openldap-devel-2.0.27-23.ia64.rpm f3f74213f1009bbba1ed742abeb4e516 openldap-servers-2.0.27-23.ia64.rpm ppc: eae9e7dbec414c10a54770a94c57d735 openldap-2.0.27-23.ppc.rpm 378cb9ba97f25107ebc060f644fadf80 openldap-2.0.27-23.ppc64.rpm d9e0f7aeeafb14a1288a8384fd8ef9f8 openldap-clients-2.0.27-23.ppc.rpm 8b2bdb320e3bcd014213b319622548b1 openldap-debuginfo-2.0.27-23.ppc.rpm a8f14b56b5ea45416e40b613180e38f9 openldap-debuginfo-2.0.27-23.ppc64.rpm 522fe726a5373a5c42435bff8b395609 openldap-devel-2.0.27-23.ppc.rpm f89e5e5c020e6bafc5e154ab10ad9ae5 openldap-servers-2.0.27-23.ppc.rpm s390: 68148e3af61ca4cc0267f3a6f07cc059 openldap-2.0.27-23.s390.rpm 895b116e8923751dfabc9cf41c025eb3 openldap-clients-2.0.27-23.s390.rpm 6b3e9abe28b4e3a421720d1ef674e7ef openldap-debuginfo-2.0.27-23.s390.rpm 06f139c14fc7d9ec5f61ba84be7c2a5b openldap-devel-2.0.27-23.s390.rpm cde08dd02987c20e08a930aecbe0d194 openldap-servers-2.0.27-23.s390.rpm s390x: 68148e3af61ca4cc0267f3a6f07cc059 openldap-2.0.27-23.s390.rpm 2d97098935b12bc7a7155934bb8d849f openldap-2.0.27-23.s390x.rpm 1c36f1d2341ce25813f1b4e47b4df10c openldap-clients-2.0.27-23.s390x.rpm 6b3e9abe28b4e3a421720d1ef674e7ef openldap-debuginfo-2.0.27-23.s390.rpm 10cb268523d05fb561a0a5d5fbb7db0d openldap-debuginfo-2.0.27-23.s390x.rpm f35adeafb6acb5d00e3082f68744f55b openldap-devel-2.0.27-23.s390x.rpm 4c0f4dcab4a8eec4bbbde1b8c43e9c34 openldap-servers-2.0.27-23.s390x.rpm x86_64: 76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm 32ad45bbb056b1a0ee0d12f723e59b85 openldap-2.0.27-23.x86_64.rpm 0eacf9f2230c97b479e5a856285a0c95 openldap-clients-2.0.27-23.x86_64.rpm c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm e8046625ff81d288a2626c68f464f5d8 openldap-debuginfo-2.0.27-23.x86_64.rpm afed14760c05fb02c6131761899608cc openldap-devel-2.0.27-23.x86_64.rpm 2d067b74d6f3f5958bab9ff858fdebdb openldap-servers-2.0.27-23.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openldap-2.0.27-23.src.rpm 721067ddef48cd17a6bd7e0abe02f1e9 openldap-2.0.27-23.src.rpm i386: 76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm 9c7db12d4f759980e68c91518ac16e11 openldap-clients-2.0.27-23.i386.rpm c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm cb9621e2fcb1df0c6846b75df581dc43 openldap-devel-2.0.27-23.i386.rpm x86_64: 76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm 32ad45bbb056b1a0ee0d12f723e59b85 openldap-2.0.27-23.x86_64.rpm 0eacf9f2230c97b479e5a856285a0c95 openldap-clients-2.0.27-23.x86_64.rpm c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm e8046625ff81d288a2626c68f464f5d8 openldap-debuginfo-2.0.27-23.x86_64.rpm afed14760c05fb02c6131761899608cc openldap-devel-2.0.27-23.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openldap-2.0.27-23.src.rpm 721067ddef48cd17a6bd7e0abe02f1e9 openldap-2.0.27-23.src.rpm i386: 76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm 9c7db12d4f759980e68c91518ac16e11 openldap-clients-2.0.27-23.i386.rpm c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm cb9621e2fcb1df0c6846b75df581dc43 openldap-devel-2.0.27-23.i386.rpm b25d30b22f05c54f7b3a8b47bdd72c81 openldap-servers-2.0.27-23.i386.rpm ia64: 76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm 335726afe643e27affccda635c134294 openldap-2.0.27-23.ia64.rpm e5182b0087ecc39c7587501f813fc434 openldap-clients-2.0.27-23.ia64.rpm c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm 8aba8bda246579270a49ac77f28c3031 openldap-debuginfo-2.0.27-23.ia64.rpm b154bf80b33f1d373df7ef7e5991752e openldap-devel-2.0.27-23.ia64.rpm f3f74213f1009bbba1ed742abeb4e516 openldap-servers-2.0.27-23.ia64.rpm x86_64: 76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm 32ad45bbb056b1a0ee0d12f723e59b85 openldap-2.0.27-23.x86_64.rpm 0eacf9f2230c97b479e5a856285a0c95 openldap-clients-2.0.27-23.x86_64.rpm c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm e8046625ff81d288a2626c68f464f5d8 openldap-debuginfo-2.0.27-23.x86_64.rpm afed14760c05fb02c6131761899608cc openldap-devel-2.0.27-23.x86_64.rpm 2d067b74d6f3f5958bab9ff858fdebdb openldap-servers-2.0.27-23.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openldap-2.0.27-23.src.rpm 721067ddef48cd17a6bd7e0abe02f1e9 openldap-2.0.27-23.src.rpm i386: 76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm 9c7db12d4f759980e68c91518ac16e11 openldap-clients-2.0.27-23.i386.rpm c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm cb9621e2fcb1df0c6846b75df581dc43 openldap-devel-2.0.27-23.i386.rpm ia64: 76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm 335726afe643e27affccda635c134294 openldap-2.0.27-23.ia64.rpm e5182b0087ecc39c7587501f813fc434 openldap-clients-2.0.27-23.ia64.rpm c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm 8aba8bda246579270a49ac77f28c3031 openldap-debuginfo-2.0.27-23.ia64.rpm b154bf80b33f1d373df7ef7e5991752e openldap-devel-2.0.27-23.ia64.rpm x86_64: 76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm 32ad45bbb056b1a0ee0d12f723e59b85 openldap-2.0.27-23.x86_64.rpm 0eacf9f2230c97b479e5a856285a0c95 openldap-clients-2.0.27-23.x86_64.rpm c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm e8046625ff81d288a2626c68f464f5d8 openldap-debuginfo-2.0.27-23.x86_64.rpm afed14760c05fb02c6131761899608cc openldap-devel-2.0.27-23.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600 http://www.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is |