CPNI - Centre for the Protection of National Infrastructure

June 2005

Four Mandriva Linux Update Advisories: 1. MDKA-2005:032 - pam_ldap 2. MDKSA-2005:103 - sudo 3. MDKSA-2005:104 - squid 4. MDKSA-2005:105 - dbus

ID: 00517
Ref: 477/2005
Date: 27 June 2005:14:44:27
Version: 1

Title: Four Mandriva Linux Update Advisories: 1. MDKA-2005:032 - pam_ldap 2. MDKSA-2005:103 - sudo 3. MDKSA-2005:104 - squid 4. MDKSA-2005:105 - dbus
Abstract:
Vendors affected: Mandriva
Operating systems affected: Mandriva Linux (Mandrakelinux 10.0, 10.1, 10.2; Corporate Server 2.1; Corporate 3.0, per advisory)
Applications affected: pam_ldap, sudo, squid, dbus

Title
=====

Four Mandriva Linux Update Advisories:
1. MDKA-2005:032 - pam_ldap
2. MDKSA-2005:103 - sudo
3. MDKSA-2005:104 - squid
4. MDKSA-2005:105 - dbus

Detail
======

1. This package fixes a bug that prevents password changes via pam_ldap
from succeeding when configured to use the password type "exop" (via a
"pam_password exop" entry in /etc/ldap.conf, or in the configuration file
given as an option in the PAM configuration file) against a server
that does not allow exop password changes which include the old
password (such as OpenLDAP 2.1.x).
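The difference between the two pam_ldap settings is visible on the wire in the LDAP Password Modify extended operation (RFC 3062): the "exop" method after this update omits the optional oldPasswd field, while the original behaviour (named "exop_send_old" in the full advisory text below) includes it, which is what an OpenLDAP 2.1.x server rejects. The following is an added example, not pam_ldap's or OpenLDAP's code, that encodes and decodes the PasswdModifyRequestValue so both forms can be inspected; the sample passwords and DN are constructed.

```python
"""Encode/decode the LDAP Password Modify request value (RFC 3062).

Added illustration, not pam_ldap code.  Field names and tags follow the
RFC 3062 ASN.1 definition:

    PasswdModifyRequestValue ::= SEQUENCE {
        userIdentity  [0] OCTET STRING OPTIONAL,
        oldPasswd     [1] OCTET STRING OPTIONAL,
        newPasswd     [2] OCTET STRING OPTIONAL }
"""
from typing import Dict, Optional, Tuple

PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"  # requestName for the exop

# Context-specific, primitive tags for the three optional fields.
TAG_USER_IDENTITY = 0x80   # [0]
TAG_OLD_PASSWD = 0x81      # [1]
TAG_NEW_PASSWD = 0x82      # [2]
TAG_SEQUENCE = 0x30


def _ber_len(n: int) -> bytes:
    """Definite-form BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value


def encode_passwd_modify(new_passwd: str, old_passwd: Optional[str] = None,
                         user_identity: Optional[str] = None) -> bytes:
    """old_passwd=None is the patched 'exop' form (old password not sent);
    supplying old_passwd is the 'exop_send_old' form."""
    fields = b""
    if user_identity is not None:
        fields += _tlv(TAG_USER_IDENTITY, user_identity.encode())
    if old_passwd is not None:
        fields += _tlv(TAG_OLD_PASSWD, old_passwd.encode())
    fields += _tlv(TAG_NEW_PASSWD, new_passwd.encode())
    return _tlv(TAG_SEQUENCE, fields)


def _read_len(data: bytes, pos: int) -> Tuple[int, int]:
    first = data[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4:
        raise ValueError("unsupported BER length encoding")
    return int.from_bytes(data[pos:pos + nbytes], "big"), pos + nbytes


def decode_passwd_modify(data: bytes) -> Dict[str, str]:
    """Parse a PasswdModifyRequestValue back into its present fields."""
    if not data or data[0] != TAG_SEQUENCE:
        raise ValueError("expected SEQUENCE")
    length, pos = _read_len(data, 1)
    end = pos + length
    if end != len(data):
        raise ValueError("trailing or truncated data")
    names = {TAG_USER_IDENTITY: "userIdentity",
             TAG_OLD_PASSWD: "oldPasswd",
             TAG_NEW_PASSWD: "newPasswd"}
    out: Dict[str, str] = {}
    while pos < end:
        tag = data[pos]
        flen, pos = _read_len(data, pos + 1)
        if tag not in names:
            raise ValueError("unexpected tag 0x%02x" % tag)
        if names[tag] in out:
            raise ValueError("duplicate field")
        out[names[tag]] = data[pos:pos + flen].decode()
        pos += flen
    return out


def sends_old_password(value: bytes) -> bool:
    """True when the request carries oldPasswd, i.e. the exop_send_old form."""
    return "oldPasswd" in decode_passwd_modify(value)


if __name__ == "__main__":
    # Constructed sample values.
    exop = encode_passwd_modify("n3wS3cret")
    exop_old = encode_passwd_modify("n3wS3cret", old_passwd="0ldS3cret")
    print("exop         :", exop.hex(), "sends old:", sends_old_password(exop))
    print("exop_send_old:", exop_old.hex(), "sends old:", sends_old_password(exop_old))
```

A server that refuses the second form is behaving as the advisory describes for OpenLDAP 2.1.x; switching the client to "exop" drops the [1] field rather than relying on the server to ignore it.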

2. A race condition was discovered in sudo by Charles Morris. This could
lead to the escalation of privileges if /etc/sudoers allowed a user to
execute selected programs that were then followed by another line
containing the pseudo-command "ALL". By creating symbolic links at a
certain time, that user could execute arbitrary commands.
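The condition the advisory describes is a matter of sudoers ordering: a line granting a user specific programs, followed later in the file by a line whose command list is the pseudo-command "ALL". The sudo alert referenced in the advisory discusses the ordering; installing the patched packages is the fix, and the following added example (not sudo's code) only reports files that contain that pattern so an administrator knows which hosts to prioritise. It understands backslash continuations, (runas) specs, NOPASSWD-style tags and Cmnd_Alias expansion; User_Alias and Host_Alias names are treated as opaque. The sample sudoers content is constructed.

```python
"""Report sudoers entries with specific commands that are followed by an ALL line.

Added checker, not sudo code.  Reports (line of specific entry, its user,
line of ALL entry, its user) for every such pair.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: 'alice' gets specific programs, then 'bob' gets ALL.
SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed sample)
Defaults    env_reset
Cmnd_Alias  SHUTDOWN = /sbin/shutdown, /sbin/reboot
Cmnd_Alias  ANYTHING = ALL
root        ALL = (ALL) ALL
alice       ALL = /usr/bin/vi, \\
                  /usr/bin/less
bob         ALL = (ALL) NOPASSWD: ALL
carol       ALL = SHUTDOWN
dave        ALL = ANYTHING
"""

Finding = Tuple[int, str, int, str]


def _logical_lines(text: str) -> List[Tuple[int, str]]:
    """Join backslash continuations; keep the line number where each entry starts."""
    out, buf, start = [], "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        out.append((start, buf.strip()))
        buf, start = "", None
    return out


def _commands(spec: str, cmnd_aliases: Dict[str, List[str]]) -> List[str]:
    """Expand the command list after '=': strip (runas) and tags, resolve Cmnd_Alias."""
    spec = re.sub(r"^\s*\([^)]*\)\s*", "", spec)
    spec = re.sub(r"\b(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*", "", spec)
    cmds: List[str] = []
    for item in (c.strip() for c in spec.split(",")):
        if item:
            cmds.extend(cmnd_aliases.get(item, [item]))
    return cmds


def find_all_after_specific(text: str) -> List[Finding]:
    """Return every (specific entry, later ALL entry) pair in file order."""
    cmnd_aliases: Dict[str, List[str]] = {}
    specific: List[Tuple[int, str]] = []
    findings: List[Finding] = []
    for no, line in _logical_lines(text):
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.*)$", line)
        if m:
            cmnd_aliases[m.group(1)] = _commands(m.group(2), cmnd_aliases)
            continue
        if re.match(r"^(Defaults|User_Alias|Host_Alias|Runas_Alias)\b", line):
            continue
        m = re.match(r"^(\S+)\s+\S+\s*=\s*(.*)$", line)   # user host = spec
        if not m:
            continue
        user, cmds = m.group(1), _commands(m.group(2), cmnd_aliases)
        if "ALL" in cmds:
            for s_no, s_user in specific:
                findings.append((s_no, s_user, no, user))
        else:
            specific.append((no, user))
    return findings


if __name__ == "__main__":
    for s_no, s_user, a_no, a_user in find_all_after_specific(SAMPLE_SUDOERS):
        print("line %d (%s: specific commands) precedes line %d (%s: ALL)"
              % (s_no, s_user, a_no, a_user))
```

Run it against a real file with `find_all_after_specific(open("/etc/sudoers").read())` as root; a non-empty result on an unpatched sudo is the configuration the advisory warns about.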

3. A bug was found in the way that Squid handles DNS replies. If the
port Squid uses for DNS requests is not protected by a firewall, it is
possible for a remote attacker to spoof DNS replies, possibly
redirecting a user to spoofed or malicious content.
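A resolver that accepts any UDP datagram arriving on its DNS port as an answer can be fed forged records by anyone who can reach that port, which is why the advisory recommends firewalling it. The checks a DNS client should apply before trusting a reply are shown below as an added example; it is not Squid's resolver code. A reply is accepted only if it comes from the nameserver the query was sent to, carries that query's 16-bit transaction ID, has the QR bit set and echoes the question. The packets are constructed with the helpers in the block; the nameserver and attacker addresses are documentation ranges.

```python
"""Validate UDP DNS replies against the queries actually in flight.

Added example, not Squid code.  Pending queries are keyed by
(transaction ID, nameserver address); a reply must match both.
"""
import struct
from typing import Dict, Tuple

Addr = Tuple[str, int]


def _qname(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Minimal query: header (RD set) + one question, QCLASS IN."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + _qname(name) + struct.pack("!HH", qtype, 1)


def build_reply(txid: int, name: str, rdata_ip: str, ttl: int = 60) -> bytes:
    """Constructed A-record answer to build_query(txid, name)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA
    question = _qname(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(o) for o in rdata_ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata   # name pointer to offset 12
    return header + question + answer


class ReplyValidator:
    """Tracks outstanding queries and decides whether a reply may be trusted."""

    def __init__(self) -> None:
        self.pending: Dict[Tuple[int, Addr], bytes] = {}

    def sent(self, txid: int, server: Addr, query: bytes) -> None:
        self.pending[(txid, server)] = query

    def accept(self, packet: bytes, source: Addr) -> Tuple[bool, str]:
        if len(packet) < 12:
            return False, "short packet"
        txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
        key = (txid, source)
        if key not in self.pending:
            # Wrong transaction ID or a source we never queried.  This is the
            # check that defeats a spoofer who does not also forge the
            # nameserver's address; a spoofer who can is left guessing the ID.
            return False, "no matching query for txid/source"
        if not flags & 0x8000:
            return False, "QR bit not set"
        query = self.pending[key]
        if qdcount != 1 or packet[12:12 + len(query) - 12] != query[12:]:
            return False, "question section does not echo query"
        del self.pending[key]
        return True, "ok"


NAMESERVER: Addr = ("192.0.2.53", 53)        # constructed, documentation range
ATTACKER: Addr = ("198.51.100.7", 53)        # constructed, documentation range


def run_demo() -> Dict[str, Tuple[bool, str]]:
    """Exercise one good reply and three forgeries; returns each verdict."""
    def fresh() -> ReplyValidator:
        v = ReplyValidator()
        v.sent(0x1234, NAMESERVER, build_query(0x1234, "www.example.com"))
        return v
    good = build_reply(0x1234, "www.example.com", "192.0.2.10")
    return {
        "genuine": fresh().accept(good, NAMESERVER),
        "wrong_txid": fresh().accept(build_reply(0x1235, "www.example.com", "192.0.2.10"), NAMESERVER),
        "wrong_source": fresh().accept(good, ATTACKER),
        "wrong_question": fresh().accept(build_reply(0x1234, "www.example.org", "192.0.2.10"), NAMESERVER),
        "truncated": fresh().accept(b"\x12\x34", NAMESERVER),
    }


if __name__ == "__main__":
    for case, (ok, why) in run_demo().items():
        print("%-15s accepted=%-5s %s" % (case, ok, why))
```

The source-address check is only as strong as the network's anti-spoofing; the transaction ID is 16 bits, so restricting who can reach the resolver's UDP port, as the advisory advises, remains worthwhile even with these checks in place.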

4. Dan Reed discovered a vulnerability in the D-BUS system for sending
messages between applications. He found that a user can send and
listen to messages on another user's per-user session bus if they
knew the address of the socket.
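Knowing a Unix-domain socket's path should not be enough to join another user's bus: the bus can ask the kernel who is on the other end of each connection and refuse any UID other than the bus owner's. The following is an added example of that peer-credential check (Linux SO_PEERCRED), not D-BUS code; the only-owner policy is this example's assumption, and the credential bytes used in the test are constructed.

```python
"""Refuse connections to a per-user socket from other UIDs.

Added example, not D-BUS code.  The decision logic (peer_allowed) is kept
apart from the socket handling so it can be exercised with constructed
credentials; serve_one() shows it applied to a real AF_UNIX connection.
"""
import os
import socket
import struct
import tempfile
import threading
import time
from typing import Tuple

# struct ucred { pid_t pid; uid_t uid; gid_t gid; } as returned by SO_PEERCRED
UCRED_FMT = "3i"
UCRED_LEN = struct.calcsize(UCRED_FMT)


def make_ucred(pid: int, uid: int, gid: int) -> bytes:
    """Build a ucred blob (used here only to construct test input)."""
    return struct.pack(UCRED_FMT, pid, uid, gid)


def parse_ucred(raw: bytes) -> Tuple[int, int, int]:
    if len(raw) < UCRED_LEN:
        raise ValueError("short ucred")
    return struct.unpack(UCRED_FMT, raw[:UCRED_LEN])


def peer_allowed(raw_ucred: bytes, owner_uid: int) -> bool:
    """Policy (this example's assumption): only the bus owner may connect."""
    _, uid, _ = parse_ucred(raw_ucred)
    return uid == owner_uid


def check_connection(conn: socket.socket, owner_uid: int) -> bool:
    """Ask the kernel for the peer's credentials; the client cannot forge them."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED_LEN)
    return peer_allowed(raw, owner_uid)


def serve_one(path: str, owner_uid: int) -> bool:
    """Accept one client on `path`, apply the check, tell the client the verdict."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    # Linux honours the socket file's mode for connect(); other systems may
    # not, so treat this as defence in depth and the credential check as the gate.
    os.chmod(path, 0o600)
    srv.listen(1)
    conn, _ = srv.accept()
    try:
        ok = check_connection(conn, owner_uid)
        conn.sendall(b"OK\n" if ok else b"REJECTED\n")
        return ok
    finally:
        conn.close()
        srv.close()


if __name__ == "__main__":
    if not hasattr(socket, "SO_PEERCRED"):
        raise SystemExit("SO_PEERCRED is Linux-specific; run the demo there")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "session-bus")
        result = {}
        t = threading.Thread(target=lambda: result.update(ok=serve_one(path, os.getuid())))
        t.start()
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        for _ in range(50):                    # wait for bind()+listen()
            try:
                cli.connect(path)
                break
            except (FileNotFoundError, ConnectionRefusedError):
                time.sleep(0.02)
        print("server said:", cli.recv(16).decode().strip())
        cli.close()
        t.join()
        print("same-uid client accepted:", result["ok"])
```

A client running as a different UID that has learnt the path gets "REJECTED" even though it could open the socket; that is the property the advisory says the unpatched D-BUS lacked.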



1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: pam_ldap
Advisory ID: MDKA-2005:032
Date: June 24th, 2005

Affected versions: 10.2
______________________________________________________________________

Problem Description:

This package fixes a bug that prevents password changes via pam_ldap
from succeeding when configured to use the password type "exop" (via a
"pam_password exop" entry in /etc/ldap.conf, or in the configuration file
given as an option in the PAM configuration file) against a server
that does not allow exop password changes which include the old
password (such as OpenLDAP 2.1.x).

The update applies the changes made between pam_ldap versions 174 and
175, and changes the behaviour for the "exop" password method to not
send the old password. The behaviour that was exhibited by the original
package may be obtained by changing the password method to
"exop_send_old".
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.2:
c434580c7d31b44c0e712cdf9fd6690a 10.2/RPMS/nss_ldap-220-5.1.102mdk.i586.rpm
92b0d732b5209b43cc9c088da9af21b6 10.2/RPMS/pam_ldap-170-5.1.102mdk.i586.rpm
587d1feabf37950cda4941244a7248a3 10.2/SRPMS/nss_ldap-220-5.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
4f4f259ce9be37455c446a437895279d x86_64/10.2/RPMS/nss_ldap-220-5.1.102mdk.x86_64.rpm
897aa0e1d77b673ba7d8d47c75a81224 x86_64/10.2/RPMS/pam_ldap-170-5.1.102mdk.x86_64.rpm
587d1feabf37950cda4941244a7248a3 x86_64/10.2/SRPMS/nss_ldap-220-5.1.102mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCvHGpmqjQ0CJFipgRAlA9AJ0Smui/UQs7IqL8XfB9nWsgdbyYEwCfcwgG
U1R0k7Spn81aCH/Haotrp2s=
=OaGS
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: sudo
Advisory ID: MDKSA-2005:103
Date: June 21st, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A race condition was discovered in sudo by Charles Morris. This could
lead to the escalation of privileges if /etc/sudoers allowed a user to
execute selected programs that were then followed by another line
containing the pseudo-command "ALL". By creating symbolic links at a
certain time, that user could execute arbitrary commands.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1993
http://www.sudo.ws/sudo/alerts/path_race.html
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
0fdbddfa1ca2298a05261c77c2eb0b43 10.0/RPMS/sudo-1.6.7-0.p5.2.2.100mdk.i586.rpm
523d0cfc297e81c3381d5df89078b3bc 10.0/SRPMS/sudo-1.6.7-0.p5.2.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
69b25ae195069271c0a037aaa1912722 amd64/10.0/RPMS/sudo-1.6.7-0.p5.2.2.100mdk.amd64.rpm
523d0cfc297e81c3381d5df89078b3bc amd64/10.0/SRPMS/sudo-1.6.7-0.p5.2.2.100mdk.src.rpm

Mandrakelinux 10.1:
07e35abe22a51cbb66d8969cb6cd7738 10.1/RPMS/sudo-1.6.8p1-1.2.101mdk.i586.rpm
5d636e00903aa9f1e954b658754379f0 10.1/SRPMS/sudo-1.6.8p1-1.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
3fe900becdac7248053415e5c37029ca x86_64/10.1/RPMS/sudo-1.6.8p1-1.2.101mdk.x86_64.rpm
5d636e00903aa9f1e954b658754379f0 x86_64/10.1/SRPMS/sudo-1.6.8p1-1.2.101mdk.src.rpm

Mandrakelinux 10.2:
fa3d69895a19bd321666c565e9919cdb 10.2/RPMS/sudo-1.6.8p1-2.1.102mdk.i586.rpm
c9abd9d5ad76e4c5d8da20af10ba4601 10.2/SRPMS/sudo-1.6.8p1-2.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
56cba44d316f3d1623f20a3e5c102721 x86_64/10.2/RPMS/sudo-1.6.8p1-2.1.102mdk.x86_64.rpm
c9abd9d5ad76e4c5d8da20af10ba4601 x86_64/10.2/SRPMS/sudo-1.6.8p1-2.1.102mdk.src.rpm

Corporate Server 2.1:
0574ea8f264d1ac850bc7401da9dfd46 corporate/2.1/RPMS/sudo-1.6.6-2.2.C21mdk.i586.rpm
7520cfd6be4d4d2ce87787ebf1dccca2 corporate/2.1/SRPMS/sudo-1.6.6-2.2.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
e971d73a7bd06d23d40d102bf113af75 x86_64/corporate/2.1/RPMS/sudo-1.6.6-2.2.C21mdk.x86_64.rpm
7520cfd6be4d4d2ce87787ebf1dccca2 x86_64/corporate/2.1/SRPMS/sudo-1.6.6-2.2.C21mdk.src.rpm

Corporate 3.0:
551c661042bae4c9da2fab38fcfbf08a corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.2.C30mdk.i586.rpm
ded9307a4c361548d164765a421e0f9e corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
f392eecc2886cf8c73a4c27c3d86112d x86_64/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.2.C30mdk.x86_64.rpm
ded9307a4c361548d164765a421e0f9e x86_64/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCuYFjmqjQ0CJFipgRAsEEAJ998YMjnujTKm3Eb33S2kXsYn8IYwCfRiSt
1BnR8aOEdr6qHyfN2LlMtlk=
=NTyJ
- -----END PGP SIGNATURE-----



3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: squid
Advisory ID: MDKSA-2005:104
Date: June 24th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A bug was found in the way that Squid handles DNS replies. If the
port Squid uses for DNS requests is not protected by a firewall, it is
possible for a remote attacker to spoof DNS replies, possibly
redirecting a user to spoofed or malicious content.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1519
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
efa0ff6a4392d73c07f9dbc8c3b66438 10.1/RPMS/squid-2.5.STABLE9-1.2.101mdk.x86_64.rpm
794a1ae90ec7094bdccdefefdfcb2d61 10.1/SRPMS/squid-2.5.STABLE9-1.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
efa0ff6a4392d73c07f9dbc8c3b66438 x86_64/10.1/RPMS/squid-2.5.STABLE9-1.2.101mdk.x86_64.rpm
794a1ae90ec7094bdccdefefdfcb2d61 x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.2.101mdk.src.rpm

Mandrakelinux 10.2:
73a8aa85012fef6a9c4f366c26bb1337 10.2/RPMS/squid-2.5.STABLE9-1.2.102mdk.i586.rpm
ad7f452e1a09d1f8d1a6aa2345e25084 10.2/SRPMS/squid-2.5.STABLE9-1.2.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
eb149b54fcb1dca0c62c7dc255d6185d x86_64/10.2/RPMS/squid-2.5.STABLE9-1.2.102mdk.x86_64.rpm
ad7f452e1a09d1f8d1a6aa2345e25084 x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.2.102mdk.src.rpm

Corporate Server 2.1:
e0ed76fed0fec9bf6e70bf38c3b8fed0 corporate/2.1/RPMS/squid-2.4.STABLE7-2.7.C21mdk.i586.rpm
fb62666cca753d0dee0fff76286c537b corporate/2.1/SRPMS/squid-2.4.STABLE7-2.7.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
19347f85c069b33d30fb569674dc8580 x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.7.C21mdk.x86_64.rpm
fb62666cca753d0dee0fff76286c537b x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.7.C21mdk.src.rpm

Corporate 3.0:
bba66d7a12eeece71d20a0f1a98bcebd corporate/3.0/RPMS/squid-2.5.STABLE9-1.2.C30mdk.i586.rpm
7e1685cce7144065a952e2ee7905265b corporate/3.0/SRPMS/squid-2.5.STABLE9-1.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
494442194cc6259050d7ab80076bc6e3 x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.2.C30mdk.x86_64.rpm
7e1685cce7144065a952e2ee7905265b x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCvHKmmqjQ0CJFipgRAr4mAKCg2E9CnfRhx10mkDn2pCC3CBugEACgqpe7
fdIS/zhzwmGfSW4HPb/2Mg4=
=LKgO
- -----END PGP SIGNATURE-----



4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: dbus
Advisory ID: MDKSA-2005:105
Date: June 24th, 2005

Affected versions: 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

Dan Reed discovered a vulnerability in the D-BUS system for sending
messages between applications. He found that a user can send and
listen to messages on another user's per-user session bus if they
knew the address of the socket.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0201
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
d5eb6d08b6a007fbd7a192628ba33c44 10.1/RPMS/dbus-0.22-3.1.101mdk.i586.rpm
3e417b23c43db4e7473d647f104471a7 10.1/RPMS/dbus-python-0.22-3.1.101mdk.i586.rpm
64f7ea9d74f62fdf0ee0ee6e109a3caf 10.1/RPMS/dbus-x11-0.22-3.1.101mdk.i586.rpm
2c121bf2416362e4b611d0bda3abc737 10.1/RPMS/libdbus-1_0-0.22-3.1.101mdk.i586.rpm
b05a0b9d6f04cb1903d2cd264ecb8590 10.1/RPMS/libdbus-1_0-devel-0.22-3.1.101mdk.i586.rpm
5b7bb77f073cd51e642200191e5dc426 10.1/RPMS/libdbus-glib-1_0-0.22-3.1.101mdk.i586.rpm
bf50565b2fc41f7e801c17d8e234d08d 10.1/RPMS/libdbus-qt-1_0-0.22-3.1.101mdk.i586.rpm
7f2bb3ba2de7d91c1c67910ce22676ee 10.1/SRPMS/dbus-0.22-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
c6dbe1230e55ae99059d42053674109f x86_64/10.1/RPMS/dbus-0.22-3.1.101mdk.x86_64.rpm
9e38bf83675eb40aa8078ab4d43aa3e4 x86_64/10.1/RPMS/dbus-python-0.22-3.1.101mdk.x86_64.rpm
25366249b14a222d0ff41e748ae4964e x86_64/10.1/RPMS/dbus-x11-0.22-3.1.101mdk.x86_64.rpm
36df1060f8e0243024e3f216a89e413e x86_64/10.1/RPMS/lib64dbus-1_0-0.22-3.1.101mdk.x86_64.rpm
3f8484b68edbaeaeffdc520be0802be2 x86_64/10.1/RPMS/lib64dbus-1_0-devel-0.22-3.1.101mdk.x86_64.rpm
1a093645499551ef0d21a5d45bfd3ce8 x86_64/10.1/RPMS/lib64dbus-glib-1_0-0.22-3.1.101mdk.x86_64.rpm
3fd269c19dc1ec09b9f99088528c48e9 x86_64/10.1/RPMS/lib64dbus-qt-1_0-0.22-3.1.101mdk.x86_64.rpm
7f2bb3ba2de7d91c1c67910ce22676ee x86_64/10.1/SRPMS/dbus-0.22-3.1.101mdk.src.rpm

Corporate 3.0:
7c4b8579d8eecda85f872e9a2fc4d4a5 corporate/3.0/RPMS/dbus-0.20-7.1.C30mdk.i586.rpm
2e15717b81ca73467c23ab50a0095dc2 corporate/3.0/RPMS/dbus-python-0.20-7.1.C30mdk.i586.rpm
8dcdff915a80b7d431f3a0ceb217f6d3 corporate/3.0/RPMS/dbus-x11-0.20-7.1.C30mdk.i586.rpm
b9977c3ae26550fbe72f396e4dfd9cfe corporate/3.0/RPMS/libdbus-1_0-0.20-7.1.C30mdk.i586.rpm
b3da28ccfa97ab3b93bcf9781bb1e4bc corporate/3.0/RPMS/libdbus-1_0-devel-0.20-7.1.C30mdk.i586.rpm
ee3ec88593d4905f0dd97cde0c9f658b corporate/3.0/RPMS/libdbus-glib-1_0-0.20-7.1.C30mdk.i586.rpm
14583f66f8d8f447e06a252513be73a5 corporate/3.0/RPMS/libdbus-qt-1_0-0.20-7.1.C30mdk.i586.rpm
47cdf4af75570b82b0186e9bdca839f0 corporate/3.0/SRPMS/dbus-0.20-7.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
89bbcc00def4fbf81a4c1d66e157abaa x86_64/corporate/3.0/RPMS/dbus-0.20-7.1.C30mdk.x86_64.rpm
99c4eda1d977bc2ee1e4ae622ffa8a39 x86_64/corporate/3.0/RPMS/dbus-python-0.20-7.1.C30mdk.x86_64.rpm
dc34492029f4eb3d8d5d607f10c607a1 x86_64/corporate/3.0/RPMS/dbus-x11-0.20-7.1.C30mdk.x86_64.rpm
757173e4ee8c855e9c3bfa9318bd92bb x86_64/corporate/3.0/RPMS/lib64dbus-1_0-0.20-7.1.C30mdk.x86_64.rpm
3a088834b9f401be106c9c5de05a400c x86_64/corporate/3.0/RPMS/lib64dbus-1_0-devel-0.20-7.1.C30mdk.x86_64.rpm
88e751ac99d886fdf17b03c599192a4e x86_64/corporate/3.0/RPMS/lib64dbus-glib-1_0-0.20-7.1.C30mdk.x86_64.rpm
c54c001d0e5e6cdca42856d4130fe072 x86_64/corporate/3.0/RPMS/lib64dbus-qt-1_0-0.20-7.1.C30mdk.x86_64.rpm
47cdf4af75570b82b0186e9bdca839f0 x86_64/corporate/3.0/SRPMS/dbus-0.20-7.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCvHQYmqjQ0CJFipgRAjuWAKDkXzhPQhPXrjw/nn1tCPamvmZSKwCgyg3V
sZGh0UWIIKP5FYw+0zNDn60=
=oSFw
- -----END PGP SIGNATURE-----