MDKSA-2005:121

Package name

nss_ldap

Date

2005-07-18

Advisory ID

MDKSA-2005:121

Affected versions

MNF2.0 i586 , 10.2 x86_64 , CS2.1 x86_64 , 10.0 amd64 , 10.2 i586 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

Rob Holland, of the Gentoo Security Audit Team, discovered that pam_ldap and nss_ldap would not use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the "ssl start_tls" setting in ldap.conf. As well, a bug in nss_ldap in Corporate Server and Mandrake 10.0 has been fixed that caused crond, and other applications, to crash as a result of clients receiving a SIGPIPE signal when attempting to issue a new search request to a directory server that is no longer available. The updated packages have been patched to address this issue.

Updated packages

MNF2.0 i586

 bb3ebbd81508ff14425daaac2e6eb339  mnf/2.0/RPMS/nss_ldap-212-4.1.M20mdk.i586.rpm
b1ad2c72353d0e1213c9e0ae81c61ff9  mnf/2.0/RPMS/pam_ldap-167-4.1.M20mdk.i586.rpm
e240c07b08757410dbc411d2d6430e14  mnf/2.0/SRPMS/nss_ldap-212-4.1.M20mdk.src.rpm

10.2 x86_64

 a00d92227ecbd7ce25bd144c4a9d4ffe  x86_64/10.2/RPMS/nss_ldap-220-5.2.102mdk.x86_64.rpm
87b5b7aac3a835d6e90d2ea916f0e530  x86_64/10.2/RPMS/pam_ldap-170-5.2.102mdk.x86_64.rpm
9e638e127e5a8107ee23c0c1c9f76fd1  x86_64/10.2/SRPMS/nss_ldap-220-5.2.102mdk.src.rpm

CS2.1 x86_64

 ce833d0b6359c54b8bd6337e65fb85fa  x86_64/corporate/2.1/RPMS/nss_ldap-202-1.3.C21mdk.x86_64.rpm
6ed783d9f1581a9e736b09d3d8ceebeb  x86_64/corporate/2.1/RPMS/pam_ldap-156-1.3.C21mdk.x86_64.rpm
b8b51a75d94c7fdbfce141f8eb634059  x86_64/corporate/2.1/SRPMS/nss_ldap-202-1.3.C21mdk.src.rpm

10.0 amd64

 5235319856a96b9a1ef18a2913f6adcf  amd64/10.0/RPMS/nss_ldap-212-4.1.100mdk.amd64.rpm
20aa9281762673b4ff2a79e4c108faf8  amd64/10.0/RPMS/pam_ldap-167-4.1.100mdk.amd64.rpm
541c2b177143c43b743b8d3fe5509ea9  amd64/10.0/SRPMS/nss_ldap-212-4.1.100mdk.src.rpm

10.2 i586

 e51a248257f108f311a774d58f6c04fc  10.2/RPMS/nss_ldap-220-5.2.102mdk.i586.rpm
f8716c332eaa6a29013dc9e69c164f3d  10.2/RPMS/pam_ldap-170-5.2.102mdk.i586.rpm
9e638e127e5a8107ee23c0c1c9f76fd1  10.2/SRPMS/nss_ldap-220-5.2.102mdk.src.rpm

10.1 i586

 b0e26a28478136804d4aeb39d44c8d82  10.1/RPMS/nss_ldap-220-3.1.101mdk.i586.rpm
700a3f02f035626e93fe9de327df9d52  10.1/RPMS/pam_ldap-170-3.1.101mdk.i586.rpm
0292807cd0a28d55ca8e59489761bf25  10.1/SRPMS/nss_ldap-220-3.1.101mdk.src.rpm

10.0 i586

 914dcae90f53c038cfc011abe891ab4d  10.0/RPMS/nss_ldap-212-4.1.100mdk.i586.rpm
072543f7406517e0515d35d39e5f5f40  10.0/RPMS/pam_ldap-167-4.1.100mdk.i586.rpm
541c2b177143c43b743b8d3fe5509ea9  10.0/SRPMS/nss_ldap-212-4.1.100mdk.src.rpm

CS3.0 x86_64

 063b326df178942502a2be421891fdf1  x86_64/corporate/3.0/RPMS/nss_ldap-212-4.1.C30mdk.x86_64.rpm
be16dc6b6bb027a561d6415b46af19be  x86_64/corporate/3.0/RPMS/pam_ldap-167-4.1.C30mdk.x86_64.rpm
bc3cde29ad21289d345c22ddda8fdb2a  x86_64/corporate/3.0/SRPMS/nss_ldap-212-4.1.C30mdk.src.rpm

CS3.0 i586

 8916317b50c123371f31e97744c81b9c  corporate/3.0/RPMS/nss_ldap-212-4.1.C30mdk.i586.rpm
7a62fb9be21fb245e9f66307f77b898e  corporate/3.0/RPMS/pam_ldap-167-4.1.C30mdk.i586.rpm
bc3cde29ad21289d345c22ddda8fdb2a  corporate/3.0/SRPMS/nss_ldap-212-4.1.C30mdk.src.rpm

CS2.1 i586

 2afb0b0dbd3b0ed51a2b62d8387f09f4  corporate/2.1/RPMS/nss_ldap-202-1.3.C21mdk.i586.rpm
bdec2ce99957b1018084b04a8d27b18d  corporate/2.1/RPMS/pam_ldap-156-1.3.C21mdk.i586.rpm
b8b51a75d94c7fdbfce141f8eb634059  corporate/2.1/SRPMS/nss_ldap-202-1.3.C21mdk.src.rpm

10.1 x86_64

 707a0491faf0022727255c56dc14c508  x86_64/10.1/RPMS/nss_ldap-220-3.1.101mdk.x86_64.rpm
066cfd679a2d6ccb8f2f04cc223c8cb9  x86_64/10.1/RPMS/pam_ldap-170-3.1.101mdk.x86_64.rpm
0292807cd0a28d55ca8e59489761bf25  x86_64/10.1/SRPMS/nss_ldap-220-3.1.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2377