MDVSA-2011:056
- Package name: openldap
- Date: 2011-03-30
- Advisory ID: MDVSA-2011:056
- Affected versions: 2010.1 x86_64, 2010.1 i586, 2010.0 x86_64, 2010.0 i586
Problem description
Multiple vulnerabilities have been identified and fixed in openldap:

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24,
when a master-slave configuration with a chain overlay and
ppolicy_forward_updates (aka authentication-failure forwarding) is
used, allows remote authenticated users to bypass external-program
authentication by sending an invalid password to a slave server
(CVE-2011-1024).

bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require
authentication for the root Distinguished Name (DN), which allows
remote attackers to bypass intended access restrictions via an
arbitrary password (CVE-2011-1025).

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote
attackers to cause a denial of service (daemon crash) via a relative
Distinguished Name (DN) modification request (aka MODRDN operation)
that contains an empty value for the OldDN field (CVE-2011-1081).

The updated packages have been patched to correct these issues.
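
The preconditions named above can be checked against a server's configuration. The following is an added example, not part of the advisory or of OpenLDAP: it reads classic slapd.conf text (not cn=config) and reports which of the three CVEs apply. It assumes the version passed in is the upstream version of an unpatched build; the function names and sample configurations are constructed for illustration.

```python
import re

FIXED = (2, 4, 24)  # advisory: "OpenLDAP 2.4.x before 2.4.24"

def directives(conf_text):
    """Token lists of slapd.conf directives: '#' lines are comments,
    lines starting with whitespace continue the previous directive."""
    logical = []
    for raw in conf_text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [line.lower().split() for line in logical]

def in_affected_range(version):
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    v = tuple(int(x) for x in m.groups())
    return v[:2] == (2, 4) and v < FIXED

def exposure(conf_text, version):
    """CVE ids from the advisory whose stated preconditions are met."""
    if not in_affected_range(version):
        return []
    toks = directives(conf_text)
    def has(*words):
        return any(t[:len(words)] == list(words) for t in toks)
    found = ["CVE-2011-1081"]  # MODRDN crash: advisory names no special config
    if has("overlay", "chain") and has("ppolicy_forward_updates"):
        found.append("CVE-2011-1024")  # chain overlay + failure forwarding
    if has("database", "ndb"):
        found.append("CVE-2011-1025")  # back-ndb root DN bind
    return sorted(found)

# Constructed sample configurations (not taken from the advisory).
SLAVE_CONF = """\
#database ndb
overlay chain
chain-uri "ldap://master.example.com"
database hdb
suffix "dc=example,dc=com"
overlay ppolicy
ppolicy_forward_updates
"""
NDB_CONF = 'database\n  ndb\nsuffix "dc=example,dc=com"\n'
```

Packages patched by a distribution keep their older upstream version number, so on such systems the installed package release, not this version test, decides whether the fix is present.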
Updated packages
2010.1 x86_64
2010.1 i586
2010.0 x86_64
2010.0 i586
