LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

OpenLDAP2: remote command execution

Package(s):OpenLDAP2 CVE #(s):CAN-2002-1378 CAN-2002-1379
Created:December 6, 2002 Updated:February 21, 2003
Description: OpenLDAP is the Open Source implementation of the Lightweight Directory Access Protocol (LDAP) and is used in network environments for distributing certain information such as X.509 certificates or login information.

The SuSE Security Team reviewed critical parts of that package and found several buffer overflows and other bugs remote attackers could exploit to gain access on systems running vulnerable LDAP servers. In addition to these bugs, various local exploitable bugs within the OpenLDAP2 libraries (openldap2-devel package) have been fixed.

Since there is no workaround possible except shutting down the LDAP server, an update is strongly recommended.

Alerts:
Trustix 2003-0002 2003-02-20
Red Hat RHSA-2003:040-07 2003-02-05
Mandrake MDKSA-2003:006 2003-01-14
Debian DSA-227-1 2003-01-13
Gentoo 200212-12 2002-12-28
Conectiva CLA-2002:556 2002-12-19
SuSE SuSE-SA:2002:047 2002-12-06
(Log in to post comments)

OpenLDAP2: remote command execution

Posted Dec 19, 2002 14:29 UTC (Thu) by ber (subscriber, #2142) [Link]

Strange, it is not clear from the advisary that only Suse's openladp2
packages are affected.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds