PISA-21-APR-00-004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
.------------------------------------------------.
|**** Project Independence Security Advisory ****|
`-----------* ID: PISA-21-APR-00-004 *-----------'
Issued by: David Webster <cog@seul.org>
Issue Date: 21-APR-00
Overview: OpenLDAP symlink security hole fix
Affected: Indy 6.2 builds prior to the above date.
References: RHSA-2000:012-05
-=-=-==-=-=-
Detailed Problem Description:
OpenLDAP follows symbolic links when creating files. The
default location for these files is /usr/tmp, which is a
symlink to /tmp, which in turn is a world-writable directory.
Local users can destroy the contents of any file on any
mounted filesystem.
Solution:
Update the affected RPM packages by downloading and
installing the RPMs listed below. For each RPM, run:
root# rpm -Fvh <filename>
where <filename> is the name of the RPM.
[Note: You need only install EITHER the compiled RPM,
(*.i386.rpm) OR the source RPM, (*.src.rpm), NOT both.]
Administrators with existing databases should also move their
NEXTID and *.dbb files from /usr/tmp to /var/lib/ldap, and
verify that the 'directory' setting in /etc/openldap/slapd.conf
is changed accordingly.
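The 'directory' check described in the Solution, as an added shell example that is not part of this advisory, of Red Hat's packages or of OpenLDAP itself: it reads the directive from a slapd.conf file and refuses a database location that is a symbolic link or world-writable, which is exactly what made the /usr/tmp -> /tmp default unsafe. The function names, the use of `ls -ld` for the permission test and the sample configuration paths are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the advisory: audit the slapd database
# directory so that NEXTID and *.dbb files are not created in a
# world-writable or symlinked location such as /usr/tmp -> /tmp.
# Function names and paths are this example's own assumptions.

# Print the value of the 'directory' directive in the slapd.conf
# given as $1. Comment lines start with '#', so their first field
# never matches the bare keyword.
slapd_db_dir() {
    awk '$1 == "directory" { print $2; exit }' "$1"
}

# Return 0 if $1 is an acceptable database directory: it must be a
# real directory (not a symlink) and must not be world-writable.
# Diagnostics go to stdout so a caller can log them.
check_db_dir() {
    dir=$1
    if [ -L "$dir" ]; then
        echo "UNSAFE: $dir is a symbolic link"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 1
    fi
    # Column 9 of 'ls -ld' output is the 'other' write bit
    # (drwxrwxrwt for a mode 1777 directory); this is portable
    # POSIX, unlike stat(1) formats or GNU find -perm.
    if [ "$(ls -ld "$dir" | cut -c9)" = "w" ]; then
        echo "UNSAFE: $dir is world-writable"
        return 1
    fi
    echo "OK: $dir"
    return 0
}

# Combined check: read the configured directory and audit it.
audit_slapd_conf() {
    conf=$1
    dir=$(slapd_db_dir "$conf")
    if [ -z "$dir" ]; then
        echo "MISSING: no 'directory' directive in $conf"
        return 1
    fi
    check_db_dir "$dir"
}

# Stand-alone usage: sh audit-slapd.sh /etc/openldap/slapd.conf
if [ $# -gt 0 ]; then
    audit_slapd_conf "$1"
fi
```

Run it as root after the RPM update so that the audit sees the same permissions slapd will; a symlink anywhere in the configured path, not only at the last component, is still worth inspecting by hand, since the script only tests the final directory entry.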
RPMs:
http://independence.seul.org/security/2000/rpms/openldap-1.2.9-6.i386.rpm
ftp://updates.redhat.com/6.2/i386/openldap-1.2.9-6.i386.rpm
Source RPMs:
http://independence.seul.org/security/2000/rpms/openldap-1.2.9-6.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/openldap-1.2.9-6.src.rpm
Verification:
MD5 sum                          Package Name
- --------------------------------------------------------------------------
17fbdb33172a7884f56b4fc746b1b763 openldap-1.2.9-6.src.rpm
058c4aa63710da7490f98da4b3cad53d openldap-1.2.9-6.i386.rpm
- --------------------------------------------------------------------------
These packages are GPG signed by Red Hat, Inc. for security.
Their key is available at: http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
This security advisory, and all future ones, should be signed by me,
David Webster (aka cognition), with key ID: 45 FA C2 83
An archive of these messages can currently be found on:
http://independence.seul.org/security/
A process of automatic retrieval is being worked on.
[Thanks go to Stan Bubrouski for discovering
the problem, and to RedHat for fixing it.]
.---------------------------------------------------.
| Any problems regarding this, or future advisories |
| should be emailed to me: <cog@seul.org> |
`---------------------------------------------------'
-----BEGIN PGP SIGNATURE-----
Comment: David Webster (aka cogNiTioN) <http://www.cognite.net/>
iD8DBQE5AOEHDdLNO0X6woMRAlP9AKCEK0R0hOR4EXNjJZyPZ0OnMT6TyACfW3zv
GBjtAR+YudH7y8sSpSOWsWk=
=lKGZ
-----END PGP SIGNATURE-----