Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Scientific Linux 6 Update: OpenLDAP Moderate Security Advisory

Calendar Mar 11, 2011 User Avatar LinuxSecurity Advisories
2 - 3 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate authentication issue openldap scientific linux
Moderate: openldap security update 
Date: Fri, 11 Mar 2011 10:25:37 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Moderate: openldap on SL6.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Moderate: openldap security update
Issue date:	2011-03-10
CVE Names:	CVE-2011-1024 CVE-2011-1025 CVE-2011-1081

A flaw was found in the way OpenLDAP handled authentication failures
being passed from an OpenLDAP slave to the master. If OpenLDAP was
configured with a chain overlay and it forwarded authentication
failures, OpenLDAP would bind to the directory as an anonymous user and
return success, rather than return failure on the authenticated bind.
This could allow a user on a system that uses LDAP for authentication to
log into a directory-based account without knowing the password.
(CVE-2011-1024)

It was found that the OpenLDAP back-ndb back end allowed successful
authentication to the root distinguished name (DN) when any string was
provided as a password. A remote user could use this flaw to access an
OpenLDAP directory if they knew the value of the root DN. Note: This
issue only affected OpenLDAP installations using the NDB back-end, which
is only available for Scientific Linux 6 via third-party software.
(CVE-2011-1025)

A flaw was found in the way OpenLDAP handled modify relative
distinguished name (modrdn) requests. A remote, unauthenticated user
could use this flaw to crash an OpenLDAP server via a modrdn request
containing an empty old RDN value. (CVE-2011-1081)

After installing this update, the OpenLDAP daemons will be restarted
automatically.

SL 6.x

 SRPMS:
openldap-2.4.19-15.el6_0.2.src.rpm
 i386:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-clients-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.i686.rpm
 x86_64:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
compat-openldap-2.4.19_2.3.43-15.el6_0.2.x86_64.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.x86_64.rpm
openldap-clients-2.4.19-15.el6_0.2.x86_64.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.x86_64.rpm

-Connie Sieh
-Troy Dawson
Your message here