Mandriva Advisories

Package name: nss_ldap
Date: July 18th, 2005
Advisory ID: MDKSA-2005:121
Affected versions: 10.0, 10.1, CS2.1, CS3.0, MNF2.0, 10.2
Synopsis: Updated nss_ldap/pam_ldap packages fix vulnerabilities

Problem Description

Rob Holland, of the Gentoo Security Audit Team, discovered that
pam_ldap and nss_ldap would not use TLS for referred connections when
they were referred to a master after connecting to a slave, regardless
of the "ssl start_tls" setting in ldap.conf.

In addition, a bug in nss_ldap in Corporate Server and Mandrake 10.0
has been fixed. It caused crond and other applications to crash when
clients received a SIGPIPE signal while attempting to issue a new
search request to a directory server that was no longer available.

The updated packages have been patched to address these issues.

Updated Packages

Mandrakelinux 10.0

914dcae90f53c038cfc011abe891ab4d  10.0/RPMS/nss_ldap-212-4.1.100mdk.i586.rpm
072543f7406517e0515d35d39e5f5f40  10.0/RPMS/pam_ldap-167-4.1.100mdk.i586.rpm
541c2b177143c43b743b8d3fe5509ea9  10.0/SRPMS/nss_ldap-212-4.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

5235319856a96b9a1ef18a2913f6adcf  amd64/10.0/RPMS/nss_ldap-212-4.1.100mdk.amd64.rpm
20aa9281762673b4ff2a79e4c108faf8  amd64/10.0/RPMS/pam_ldap-167-4.1.100mdk.amd64.rpm
541c2b177143c43b743b8d3fe5509ea9  amd64/10.0/SRPMS/nss_ldap-212-4.1.100mdk.src.rpm

Mandrakelinux 10.1

b0e26a28478136804d4aeb39d44c8d82  10.1/RPMS/nss_ldap-220-3.1.101mdk.i586.rpm
700a3f02f035626e93fe9de327df9d52  10.1/RPMS/pam_ldap-170-3.1.101mdk.i586.rpm
0292807cd0a28d55ca8e59489761bf25  10.1/SRPMS/nss_ldap-220-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

707a0491faf0022727255c56dc14c508  x86_64/10.1/RPMS/nss_ldap-220-3.1.101mdk.x86_64.rpm
066cfd679a2d6ccb8f2f04cc223c8cb9  x86_64/10.1/RPMS/pam_ldap-170-3.1.101mdk.x86_64.rpm
0292807cd0a28d55ca8e59489761bf25  x86_64/10.1/SRPMS/nss_ldap-220-3.1.101mdk.src.rpm

Corporate Server 2.1

2afb0b0dbd3b0ed51a2b62d8387f09f4  corporate/2.1/RPMS/nss_ldap-202-1.3.C21mdk.i586.rpm
bdec2ce99957b1018084b04a8d27b18d  corporate/2.1/RPMS/pam_ldap-156-1.3.C21mdk.i586.rpm
b8b51a75d94c7fdbfce141f8eb634059  corporate/2.1/SRPMS/nss_ldap-202-1.3.C21mdk.src.rpm

Corporate Server 2.1/X86_64

ce833d0b6359c54b8bd6337e65fb85fa  x86_64/corporate/2.1/RPMS/nss_ldap-202-1.3.C21mdk.x86_64.rpm
6ed783d9f1581a9e736b09d3d8ceebeb  x86_64/corporate/2.1/RPMS/pam_ldap-156-1.3.C21mdk.x86_64.rpm
b8b51a75d94c7fdbfce141f8eb634059  x86_64/corporate/2.1/SRPMS/nss_ldap-202-1.3.C21mdk.src.rpm

Corporate Server 3.0

8916317b50c123371f31e97744c81b9c  corporate/3.0/RPMS/nss_ldap-212-4.1.C30mdk.i586.rpm
7a62fb9be21fb245e9f66307f77b898e  corporate/3.0/RPMS/pam_ldap-167-4.1.C30mdk.i586.rpm
bc3cde29ad21289d345c22ddda8fdb2a  corporate/3.0/SRPMS/nss_ldap-212-4.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

063b326df178942502a2be421891fdf1  x86_64/corporate/3.0/RPMS/nss_ldap-212-4.1.C30mdk.x86_64.rpm
be16dc6b6bb027a561d6415b46af19be  x86_64/corporate/3.0/RPMS/pam_ldap-167-4.1.C30mdk.x86_64.rpm
bc3cde29ad21289d345c22ddda8fdb2a  x86_64/corporate/3.0/SRPMS/nss_ldap-212-4.1.C30mdk.src.rpm

Multi Network Firewall 2.0

bb3ebbd81508ff14425daaac2e6eb339  mnf/2.0/RPMS/nss_ldap-212-4.1.M20mdk.i586.rpm
b1ad2c72353d0e1213c9e0ae81c61ff9  mnf/2.0/RPMS/pam_ldap-167-4.1.M20mdk.i586.rpm
e240c07b08757410dbc411d2d6430e14  mnf/2.0/SRPMS/nss_ldap-212-4.1.M20mdk.src.rpm

Mandriva Linux LE2005

e51a248257f108f311a774d58f6c04fc  10.2/RPMS/nss_ldap-220-5.2.102mdk.i586.rpm
f8716c332eaa6a29013dc9e69c164f3d  10.2/RPMS/pam_ldap-170-5.2.102mdk.i586.rpm
9e638e127e5a8107ee23c0c1c9f76fd1  10.2/SRPMS/nss_ldap-220-5.2.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

a00d92227ecbd7ce25bd144c4a9d4ffe  x86_64/10.2/RPMS/nss_ldap-220-5.2.102mdk.x86_64.rpm
87b5b7aac3a835d6e90d2ea916f0e530  x86_64/10.2/RPMS/pam_ldap-170-5.2.102mdk.x86_64.rpm
9e638e127e5a8107ee23c0c1c9f76fd1  x86_64/10.2/SRPMS/nss_ldap-220-5.2.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2377

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
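
For manual downloads, the two checks can be scripted. This is an added example, not part of the original advisory: it compares downloaded files against the checksum lines under "Updated Packages" and then runs the rpm --checksig command shown above. The function names, advisory.txt and ./downloads are assumptions.

```shell
# check_md5 LIST DIR
#   LIST: text file with the advisory's "Updated Packages" lines pasted in
#         (32-hex-digit MD5, whitespace, repository path); headings are skipped.
#   DIR:  directory holding the downloaded .rpm files.
# Returns 0 only if at least one listed package was found in DIR and every
# package found matches its published checksum.
check_md5() {
    list=$1 dir=$2 checked=0 failed=0
    while read -r want path || [ -n "$want" ]; do
        # read strips any leading blank in front of the checksum.
        [ "${#want}" -eq 32 ] && [ -n "$path" ] || continue
        case $want in *[!0-9a-fA-F]*) continue ;; esac
        file=$dir/${path##*/}          # match on file name, ignore repo dirs
        [ -f "$file" ] || continue     # entry for another release or arch
        checked=$((checked + 1))
        got=$(md5sum < "$file" | cut -d' ' -f1)
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$want" ]; then
            echo "OK        ${path##*/}"
        else
            echo "MISMATCH  ${path##*/}" >&2
            failed=$((failed + 1))
        fi
    done < "$list"
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# check_sig DIR
#   Runs the advisory's signature check on every RPM in DIR. Needs rpm and
#   the vendor's GPG public key already imported. An MD5 match only shows
#   the file equals the listed one; the signature ties it to the vendor key.
check_sig() {
    rc=0
    for f in "$1"/*.rpm; do
        [ -f "$f" ] || continue
        rpm --checksig "$f" || rc=1
    done
    return "$rc"
}

# Typical use (paths are placeholders):
#   check_md5 advisory.txt ./downloads && check_sig ./downloads
```

Install only when both functions return success; a package missing from the directory is skipped, so an empty directory counts as a failure rather than a pass.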