Advisories | Mandriva

Package name	nss_ldap
Date	October 20th, 2005
Advisory ID	MDKSA-2005:190
Affected versions	10.1, 10.2

Problem Description

A bug was found in the way the pam_ldap module processed certain failure
messages. If the server includes supplemental data in an authentication
failure result message, but the data does not include any specific error
code, the pam_ldap module would proceed as if the authentication request
had succeeded, and authentication would succeed. This affects versions
169 through 179 of pam_ldap.

The updated packages have been patched to address this issue.

Updated Packages

Mandrakelinux 10.1

 3cf5ab097f8e69b9e1ace711537fcb46  10.1/RPMS/nss_ldap-220-3.2.101mdk.i586.rpm
e5d3c8684a35cc147943b0b4a1922a42  10.1/RPMS/pam_ldap-170-3.2.101mdk.i586.rpm
edad8885447d4d059ff1c689ee6a6f7d  10.1/SRPMS/nss_ldap-220-3.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 7b8c8c7c40c30963aff186adffc94324  x86_64/10.1/RPMS/nss_ldap-220-3.2.101mdk.x86_64.rpm
ecbaa427c916e7fab0c355a91e04ee98  x86_64/10.1/RPMS/pam_ldap-170-3.2.101mdk.x86_64.rpm
edad8885447d4d059ff1c689ee6a6f7d  x86_64/10.1/SRPMS/nss_ldap-220-3.2.101mdk.src.rpm

Mandriva Linux LE2005

 19950ddbfe52c8f0aa6e11ed93c59737  10.2/RPMS/pam_ldap-170-5.3.102mdk.i586.rpm
dab9943bb867001a4a4e514ffc58d84e  10.2/RPMS/nss_ldap-220-5.3.102mdk.i586.rpm
08e82d8a5fdcdd1620d8a22ec002173d  10.2/SRPMS/nss_ldap-220-5.3.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 54ff3f02df2e5f7c11564488784fc3ab  x86_64/10.2/RPMS/nss_ldap-220-5.3.102mdk.x86_64.rpm
9d5541f3ac77d8ce6e2b8877b25f8980  x86_64/10.2/RPMS/pam_ldap-170-5.3.102mdk.x86_64.rpm
08e82d8a5fdcdd1620d8a22ec002173d  x86_64/10.2/SRPMS/nss_ldap-220-5.3.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2641

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.