MDKSA-2000:024

Package name

openldap

Date

2000-07-27

Advisory ID

MDKSA-2000:024

Affected versions

6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586

Problem description

OpenLDAP installs the ud binary with mode 755 and the default group, taken from the installing user's primary gid or the gid of the directory itself. Depending on the gid used, this can cause the file to be group-writable for an extended group. We have determined that Linux-Mandrake is not vulnerable to this exploit.

Updated packages

6.1 i586

 na 6.1/RPMS/na

6.0 i586

 na 6.0/RPMS/na

7.0 i586

 na 7.0/RPMS/na

7.1 i586

 na 7.1/RPMS/na