Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2005:190 - Updated nss_ldap/pam_ldap packages fix privilege vulnerabilities.
From: Mandriva Security Team <security () mandriva com>
Date: Fri, 21 Oct 2005 00:24:28 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           nss_ldap
 Advisory ID:            MDKSA-2005:190
 Date:                   October 20th, 2005

 Affected versions:      10.1, 10.2
 ______________________________________________________________________

 Problem Description:

 A bug was found in the way the pam_ldap module processed certain failure
 messages. If the server includes supplemental data in an authentication
 failure result message, but the data does not include any specific error
 code, the pam_ldap module would proceed as if the authentication request
 had succeeded, and authentication would succeed. This affects versions
 169 through 179 of pam_ldap.
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2641
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.1:
 3cf5ab097f8e69b9e1ace711537fcb46  10.1/RPMS/nss_ldap-220-3.2.101mdk.i586.rpm
 e5d3c8684a35cc147943b0b4a1922a42  10.1/RPMS/pam_ldap-170-3.2.101mdk.i586.rpm
 edad8885447d4d059ff1c689ee6a6f7d  10.1/SRPMS/nss_ldap-220-3.2.101mdk.src.rpm

 Mandrivalinux 10.1/X86_64:
 7b8c8c7c40c30963aff186adffc94324  x86_64/10.1/RPMS/nss_ldap-220-3.2.101mdk.x86_64.rpm
 ecbaa427c916e7fab0c355a91e04ee98  x86_64/10.1/RPMS/pam_ldap-170-3.2.101mdk.x86_64.rpm
 edad8885447d4d059ff1c689ee6a6f7d  x86_64/10.1/SRPMS/nss_ldap-220-3.2.101mdk.src.rpm

 Mandrivalinux 10.2:
 19950ddbfe52c8f0aa6e11ed93c59737  10.2/RPMS/pam_ldap-170-5.3.102mdk.i586.rpm
 dab9943bb867001a4a4e514ffc58d84e  10.2/RPMS/nss_ldap-220-5.3.102mdk.i586.rpm
 08e82d8a5fdcdd1620d8a22ec002173d  10.2/SRPMS/nss_ldap-220-5.3.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 54ff3f02df2e5f7c11564488784fc3ab  x86_64/10.2/RPMS/nss_ldap-220-5.3.102mdk.x86_64.rpm
 9d5541f3ac77d8ce6e2b8877b25f8980  x86_64/10.2/RPMS/pam_ldap-170-5.3.102mdk.x86_64.rpm
 08e82d8a5fdcdd1620d8a22ec002173d  x86_64/10.2/SRPMS/nss_ldap-220-5.3.102mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDWImbmqjQ0CJFipgRAgX8AJ4jyjMmvr+bQ0j4kimAmSySxfnBTACgz4n5
cXO1suU5/bUFVM9e/Q5KKXo=
=jVbI
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • MDKSA-2005:190 - Updated nss_ldap/pam_ldap packages fix privilege vulnerabilities. Mandriva Security Team (Oct 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]