[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] openldap remote exploits
- To: linux-security
- Subject: [linux-security] openldap remote exploits
- From: Martin Siegert <siegert@sfu.ca>
- Date: Fri, 28 Feb 2003 20:37:33 -0800
- User-Agent: Mutt/1.4i
Topic
=====
remote exploit in openldap
Problem Description
===================
OpenLDAP is the Open Source implementation of the Lightweight Directory
Access Protocol (LDAP) and is used in network environments for distributing
certain information such as X.509 certificates or login information.
Several buffer overflows that can be exploited remotely exist in versions
2.2.0 and earlier:
When reading configuration files, libldap would read the current user's
.ldaprc file even in applications being run with elevated privileges.
Slurpd would overflow an internal buffer if the command-line argument used
with the -t or -r flags was too long, or if the name of a file for which it
attempted to create an advisory lock was too long.
When parsing filters, the getfilter family of functions from libldap could
be made to overflow an internal buffer by supplying a carefully crafted
ldapfilter.conf file.
When processing LDAP entry display templates, libldap could be made to
overflow an internal buffer by supplying a properly crafted
ldaptemplates.conf file.
When parsing an access control list, slapd could be made to overflow an
internal buffer.
When constructing the name of the file used for logging rejected
replication requests, slapd would overflow an internal buffer if the size
of the generated name was too large, and could be tricked into destroying
the contents of any file owned by the ldap user due to a race condition in
the subsequent creation of the log file.
Affected Versions
=================
openldap 2.0.x and earlier
(not absolutely clear: CVE CAN-2002-1378 lists 2.2.0 and earlier, but
version 2.2.0 does not exist)
Solution
========
update to patched version for your distribution
SuSE 7.1
--------
rpm -Fvh openldap2-2.0.11-66.i386.rpm
SuSE 7.2
--------
rpm -Fvh openldap2-2.0.11-67.i386.rpm openldap2-devel-2.0.11-67.i386.rpm
SuSE 7.3
--------
rpm -Fvh openldap2-2.0.12-44.i386.rpm penldap2-devel-2.0.12-44.i386.rpm
SuSE 8.0
--------
rpm -Fvh openldap2-2.0.23-143.i386.rpm openldap2-devel-2.0.23-143.i386.rpm
RedHat 6.2
----------
rpm -Fvh openldap-1.2.13-2.i386.rpm \
openldap-clients-1.2.13-2.i386.rpm \
openldap-servers-1.2.13-2.i386.rpm \
openldap-devel-1.2.13-2.i386.rpm
RedHat 7.0, 7.1
---------------
rpm -Fvh openldap-2.0.27-2.7.1.i386.rpm \
openldap-clients-2.0.27-2.7.1.i386.rpm \
openldap-servers-2.0.27-2.7.1.i386.rpm \
openldap-devel-2.0.27-2.7.1.i386.rpm \
openldap12-1.2.13-8.i386.rpm
RedHat 7.2, 7.3
---------------
rpm -Fvh openldap-2.0.27-2.7.3.i386.rpm \
openldap-clients-2.0.27-2.7.3.i386.rpm \
openldap-servers-2.0.27-2.7.3.i386.rpm \
openldap-devel-2.0.27-2.7.3.i386.rpm \
openldap12-1.2.13-8.i386.rpm
RedHat 8.0
----------
rpm -Fvh openldap-2.0.27-2.8.0.i386.rpm \
openldap-clients-2.0.27-2.8.0.i386.rpm \
openldap-servers-2.0.27-2.8.0.i386.rpm \
openldap-devel-2.0.27-2.8.0.i386.rpm \
openldap12-1.2.13-9.i386.rpm
Mandrake 8.0, 8.1
-----------------
rpm -Fvh openldap-2.0.21-2.1mdk.i586.rpm \
openldap-clients-2.0.21-2.1mdk.i586.rpm \
openldap-servers-2.0.21-2.1mdk.i586.rpm \
openldap-guide-2.0.21-2.1mdk.i586.rpm \
openldap-migration-2.0.21-2.1mdk.i586.rpm \
libldap2-2.0.21-2.1mdk.i586.rpm \
libldap2-devel-2.0.21-2.1mdk.i586.rpm \
libldap2-devel-static-2.0.21-2.1mdk.i586.rpm \
openldap-back_dnssrv-2.0.21-2.1mdk.i586.rpm \
openldap-back_ldap-2.0.21-2.1mdk.i586.rpm \
openldap-back_passwd-2.0.21-2.1mdk.i586.rpm \
openldap-back_sql-2.0.21-2.1mdk.i586.rpm
Mandrake 8.2
------------
rpm -Fvh openldap-2.0.21-4.1mdk.i586.rpm \
openldap-clients-2.0.21-4.1mdk.i586.rpm \
openldap-servers-2.0.21-4.1mdk.i586.rpm \
openldap-guide-2.0.21-4.1mdk.i586.rpm \
openldap-migration-2.0.21-4.1mdk.i586.rpm \
libldap2-2.0.21-4.1mdk.i586.rpm \
libldap2-devel-2.0.21-4.1mdk.i586.rpm \
libldap2-devel-static-2.0.21-4.1mdk.i586.rpm \
openldap-back_dnssrv-2.0.21-4.1mdk.i586.rpm \
openldap-back_ldap-2.0.21-4.1mdk.i586.rpm \
openldap-back_passwd-2.0.21-4.1mdk.i586.rpm \
openldap-back_sql-2.0.21-4.1mdk.i586.rpm
Mandrake 9.0
------------
rpm -Fvh openldap-2.0.25-7.1mdk.i586.rpm \
openldap-clients-2.0.25-7.1mdk.i586.rpm \
openldap-servers-2.0.25-7.1mdk.i586.rpm \
openldap-guide-2.0.25-7.1mdk.i586.rpm \
openldap-migration-2.0.25-7.1mdk.i586.rpm \
libldap2-2.0.25-7.1mdk.i586.rpm \
libldap2-devel-2.0.25-7.1mdk.i586.rpm \
libldap2-devel-static-2.0.25-7.1mdk.i586.rpm \
openldap-back_dnssrv-2.0.25-7.1mdk.i586.rpm \
openldap-back_ldap-2.0.25-7.1mdk.i586.rpm \
openldap-back_passwd-2.0.25-7.1mdk.i586.rpm \
openldap-back_sql-2.0.25-7.1mdk.i586.rpm
Debian 3.0 (woody)
------------------
upgrade to ldap-gateways_2.0.23-6.3_i386.deb,
openldap2/ldap-utils_2.0.23-6.3_i386.deb,
libldap2_2.0.23-6.3_i386.deb,
libldap2-dev_2.0.23-6.3_i386.deb,
slapd_1.0.23-6.3_i386.deb