Package name: mod_auth_ldap
Date: 2006-01-19
Advisory ID: MDKSA-2006:017
Affected versions: CS2.1 i586, CS2.1 x86_64

Problem description

A format string flaw was discovered in the way that auth_ldap logs
information. It may allow a remote attacker to execute arbitrary code
as the apache user if auth_ldap is used for authentication.

This update provides version 1.6.1 of auth_ldap which corrects the
problem. Only Corporate Server 2.1 shipped with a supported auth_ldap
package.
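
The bug class named above, as an added illustration that is not auth_ldap's code or the vendor's patch: a log message built from request data is handed to a printf-style logger as the format string, next to the corrected call that passes it as an argument. The names log_msg, log_auth_failure_flawed and log_auth_failure_fixed are hypothetical, and the input is constructed; it uses only "%%", which is well defined, to show that the flawed path parses the data as a format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger standing in for a server log API.
 * It keeps the last formatted line so the result can be inspected. */
static char last_log[256];

static void log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Flawed pattern: the message is assembled first, then passed as the
 * format string, so any '%' supplied in the user name is interpreted
 * by the logger instead of being written out as data. */
static const char *log_auth_failure_flawed(const char *user)
{
    char msg[200];
    snprintf(msg, sizeof msg, "bind failed for user %s", user);
    log_msg(msg);
    return last_log;
}

/* Corrected pattern: the format is a constant and the request data is
 * only ever an argument, so it is copied verbatim. */
static const char *log_auth_failure_fixed(const char *user)
{
    log_msg("bind failed for user %s", user);
    return last_log;
}

int main(void)
{
    const char *user = "a%%b";  /* constructed sample input */

    /* The flawed path collapses "%%" to "%": the data was parsed. */
    printf("flawed: %s\n", log_auth_failure_flawed(user));
    /* The fixed path logs the input unchanged. */
    printf("fixed:  %s\n", log_auth_failure_fixed(user));
    return 0;
}
```

Declaring such a logger with the GCC/Clang `format(printf, 1, 2)` attribute and building with `-Wformat -Wformat-security` makes the compiler flag the flawed call.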

Updated packages

CS2.1 i586

 a579c887e48daaa8281ecdc4e1381fa0  corporate/2.1/RPMS/mod_auth_ldap-1.6.1-1.2.C21mdk.i586.rpm
 3af337e3989aed18d9c6e634ecb3e47b  corporate/2.1/SRPMS/auth_ldap-1.6.1-1.2.C21mdk.src.rpm

CS2.1 x86_64

 b3c27d91b6fa68e557507318c8e18f0c  x86_64/corporate/2.1/RPMS/mod_auth_ldap-1.6.1-1.2.C21mdk.x86_64.rpm
 3af337e3989aed18d9c6e634ecb3e47b  x86_64/corporate/2.1/SRPMS/auth_ldap-1.6.1-1.2.C21mdk.src.rpm
