Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » MDKSA-2002:013-openldap

MDKSA-2002:013-openldap

by Nikola Strahija on February 12th, 2002 A problem exists in all versions of OpenLDAP from 2.0.0 through 2.0.19 where permissions are not properly checked using access control lists when a user tries to remove an attribute from an object in the directory by replacing it's values with an empty list. Schema checking is still enforced, so a user can only remove attributes that the schema does not require the object to possess.


References:

http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
________________________________________________________________________

Updated Packages:

Mandrake Linux 8.0:
a4ea2aa5bb6c7c4b934c1800333c0110 8.0/RPMS/libldap2-2.0.21-1.1mdk.i586.rpm
40bc04709e1b3db1da7265126fff0b13
8.0/RPMS/libldap2-devel-2.0.21-1.1mdk.i586.rpm
c45e4e7fb4f3e51b1ece20cdb52d3e67
8.0/RPMS/libldap2-devel-static-2.0.21-1.1mdk.i586.rpm
85705191370619eccd7a9b2236824017 8.0/RPMS/openldap-2.0.21-1.1mdk.i586.rpm
0250dfede9e550fa249d25da89febb7a
8.0/RPMS/openldap-back_dnssrv-2.0.21-1.1mdk.i586.rpm
c881500493f181cdf296c6c8bf13f7d9
8.0/RPMS/openldap-back_ldap-2.0.21-1.1mdk.i586.rpm
e24c83f2e4c425f1d612893f62c82b8c
8.0/RPMS/openldap-back_passwd-2.0.21-1.1mdk.i586.rpm
550d03d3981388c1a52e3b03d599f5e0
8.0/RPMS/openldap-back_sql-2.0.21-1.1mdk.i586.rpm
4ed6fd689475cc64a0164fb480eb21f1
8.0/RPMS/openldap-clients-2.0.21-1.1mdk.i586.rpm
844b6fefc89169f7d494e642c92ff663
8.0/RPMS/openldap-guide-2.0.21-1.1mdk.i586.rpm
9f7e5592d36bb6659f998ca8a8d081f6
8.0/RPMS/openldap-migration-2.0.21-1.1mdk.i586.rpm
ea0c8d785910c0ddba8beca9be03de43
8.0/RPMS/openldap-servers-2.0.21-1.1mdk.i586.rpm
0285330fe55e658eb3b445b3ec9f3153 8.0/RPMS/php-ldap-4.0.6-2.3mdk.i586.rpm
c80bbb15fb0138100eac3048a9bf3922 8.0/SRPMS/openldap-2.0.21-1.1mdk.src.rpm
1c85de046d4fdaa5e61697c4971e8a3e 8.0/SRPMS/php-ldap-4.0.6-2.3mdk.src.rpm

Mandrake Linux 8.0/ppc:
c4e1d8fa267d602d572e3d6cc1733c20 ppc/8.0/RPMS/libldap2-2.0.21-1.1mdk.ppc.rpm
f384da84692eae4bc329f6ea819f4ee9
ppc/8.0/RPMS/libldap2-devel-2.0.21-1.1mdk.ppc.rpm
de3a17f974867c440fbdf0c895da5c6a
ppc/8.0/RPMS/libldap2-devel-static-2.0.21-1.1mdk.ppc.rpm
65a34a39b3390a9096d7585e28bf41f6 ppc/8.0/RPMS/openldap-2.0.21-1.1mdk.ppc.rpm
cf59e173f02bf6b40c3e0cbffcd1c6f0
ppc/8.0/RPMS/openldap-back_dnssrv-2.0.21-1.1mdk.ppc.rpm
e1fff4d04c41e93849adbb44e69a8d16
ppc/8.0/RPMS/openldap-back_ldap-2.0.21-1.1mdk.ppc.rpm
9761d8c4884694395b24378b570a7a6a
ppc/8.0/RPMS/openldap-back_passwd-2.0.21-1.1mdk.ppc.rpm
57c903b08c537f7d9bfed49001359a42
ppc/8.0/RPMS/openldap-back_sql-2.0.21-1.1mdk.ppc.rpm
0fa23cb53df25a25b281e2626d8cb7ea
ppc/8.0/RPMS/openldap-clients-2.0.21-1.1mdk.ppc.rpm
6383cb6ee54c42988473a1e0ba25b919
ppc/8.0/RPMS/openldap-guide-2.0.21-1.1mdk.ppc.rpm
b421651eb7fb765f2ba559236b661913
ppc/8.0/RPMS/openldap-migration-2.0.21-1.1mdk.ppc.rpm
ace71e29d6176ee1222399b586862b7e
ppc/8.0/RPMS/openldap-servers-2.0.21-1.1mdk.ppc.rpm
2d789452df385b00d0f12415f6e9b59d ppc/8.0/RPMS/php-ldap-4.0.6-2.3mdk.ppc.rpm
c80bbb15fb0138100eac3048a9bf3922 ppc/8.0/SRPMS/openldap-2.0.21-1.1mdk.src.rpm
1c85de046d4fdaa5e61697c4971e8a3e ppc/8.0/SRPMS/php-ldap-4.0.6-2.3mdk.src.rpm

Mandrake Linux 8.1:
6e5171b6b3e6581d5ef5e15c41c9035d 8.1/RPMS/libldap2-2.0.21-1.1mdk.i586.rpm
472753f50ba6e64c88707af4438afe77
8.1/RPMS/libldap2-devel-2.0.21-1.1mdk.i586.rpm
d3595c25d4aa67e19dc82881f46d1442
8.1/RPMS/libldap2-devel-static-2.0.21-1.1mdk.i586.rpm
904a950261ccf85ef78044a8ccf9a288 8.1/RPMS/openldap-2.0.21-1.1mdk.i586.rpm
63fa21f0ba0ab3d6634ff04e764e4563
8.1/RPMS/openldap-back_dnssrv-2.0.21-1.1mdk.i586.rpm
551940bb0358ff36b79dd8b2d6b3a9e9
8.1/RPMS/openldap-back_ldap-2.0.21-1.1mdk.i586.rpm
4831a196a71a84dec17ce5fc1bd505ee
8.1/RPMS/openldap-back_passwd-2.0.21-1.1mdk.i586.rpm
efe4fd7721b7832e302c04dac70ca7f5
8.1/RPMS/openldap-back_sql-2.0.21-1.1mdk.i586.rpm
bfa2044b93cd24e8fe12b35bb1d94fdf
8.1/RPMS/openldap-clients-2.0.21-1.1mdk.i586.rpm
de8cafd8590e2ed7208fdd4df39003b1
8.1/RPMS/openldap-guide-2.0.21-1.1mdk.i586.rpm
16c7a80d0f0d8b9aebf23b7bdfa73887
8.1/RPMS/openldap-migration-2.0.21-1.1mdk.i586.rpm
9f500030ec136c56a3049a46d2264723
8.1/RPMS/openldap-servers-2.0.21-1.1mdk.i586.rpm
2c9ea69da75488c3ad505a5879424860 8.1/RPMS/php-ldap-4.0.6-3.1mdk.i586.rpm
c80bbb15fb0138100eac3048a9bf3922 8.1/SRPMS/openldap-2.0.21-1.1mdk.src.rpm
8904f1651e936d04d064831fffd396be 8.1/SRPMS/php-ldap-4.0.6-3.1mdk.src.rpm

Mandrake Linux 8.1/ia64:
75d918f8733e9e7ab6bce3b67877a817
ia64/8.1/RPMS/libldap2-2.0.21-1.1mdk.ia64.rpm
f36ad2bdba15cb59f388e8af0640af23
ia64/8.1/RPMS/libldap2-devel-2.0.21-1.1mdk.ia64.rpm
39b781a5573ead30dc82ff1b62557a5b
ia64/8.1/RPMS/libldap2-devel-static-2.0.21-1.1mdk.ia64.rpm
a304a3f37dbcfbcefc7713e778db2266
ia64/8.1/RPMS/openldap-2.0.21-1.1mdk.ia64.rpm
3f20234f9ac223169e737a7fa66edcc7
ia64/8.1/RPMS/openldap-back_dnssrv-2.0.21-1.1mdk.ia64.rpm
b83e978653e60b03acb7df7b3e1eeb52
ia64/8.1/RPMS/openldap-back_ldap-2.0.21-1.1mdk.ia64.rpm
9b4933b726790bbf5d1942da26c12d8d
ia64/8.1/RPMS/openldap-back_passwd-2.0.21-1.1mdk.ia64.rpm
cb19a3584ac1332a935cbc8a6fb5b910
ia64/8.1/RPMS/openldap-back_sql-2.0.21-1.1mdk.ia64.rpm
ac19dca5b367df61902387e2909335ff
ia64/8.1/RPMS/openldap-clients-2.0.21-1.1mdk.ia64.rpm
19e1eb8a69cb7454581d4dac7c97d5d8
ia64/8.1/RPMS/openldap-guide-2.0.21-1.1mdk.ia64.rpm
eaa92675635c73d6a12d7339a7404dca
ia64/8.1/RPMS/openldap-migration-2.0.21-1.1mdk.ia64.rpm
5ca2da579c85ea86ceb477f0a6223fea
ia64/8.1/RPMS/openldap-servers-2.0.21-1.1mdk.ia64.rpm
7935fe763fe3ad440dc72aef5dbc3d5b ia64/8.1/RPMS/php-ldap-4.0.6-3.1mdk.ia64.rpm
c80bbb15fb0138100eac3048a9bf3922
ia64/8.1/SRPMS/openldap-2.0.21-1.1mdk.src.rpm
8904f1651e936d04d064831fffd396be ia64/8.1/SRPMS/php-ldap-4.0.6-3.1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

________________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:

rpm --checksig

All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team from:

https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

[email protected]
________________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team




Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »