SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Directory)  >  Kolab Vendors:  kolab.org
Kolab Discloses LDAP Server Password to Local Users
SecurityTracker Alert ID:  1010087
SecurityTracker URL:  http://securitytracker.com/id?1010087
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 6 2004
Impact:  Disclosure of authentication information
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): prior to kolab-1.0-20040426
Description:  An information disclosure vulnerability was reported in Kolab. A local user may be able to obtain the password for the LDAP server.

Luca Villani reported that a local user can read the '/var/origkolab/etc/openldap/slapd.conf' configuration file to view the 'rootdn' password for the OpenLDAP server. The file is configured with 0644 (world-readable) permissions, the author said.
Impact:  A local user can view the OpenLDAP server password.
Solution:  A fix is available in kolab-1.0-20040426.
Vendor URL:  www.kolab.org/ (Links to External Site)
Cause:  Access control error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  Luca Villani <luca.villani@wseurope.com>
Message History:   This archive entry has one or more follow-up message(s) listed below.
May 27 2004 (Mandrake Issues Fix) Kolab Discloses LDAP Server Password to Local Users   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.


 Source Message Contents
Date:  Tue Apr 20 14:06:08 CEST 2004
From:  Luca Villani <luca.villani@wseurope.com>
Subject:  Possible Kolab LDAP configuration information disclosure

 

Hi.

I think there is an information disclosure in slapd configuration file:

	/var/origkolab/etc/openldap/slapd.conf

Here the rootdn password is stored in cleartext, like this:

	rootpw		"averystrongpassword"


A possible workaround is to invoke

	/kolab/sbin/slappasswd

in order to manually generate an encrypted password, like this:

	[root a democrito kolab]# ./sbin/slappasswd
	New password:
	Re-enter new password:
	{SSHA}T++o7gQdMj1b1u4pjlJ57Ei0qbAbGje2
	[root a democrito kolab]#


The clear text rootdn password in configuration file can be substituted with
the manually generated encrypted password, in this manner:

	rootpw		{SSHA}T++o7gQdMj1b1u4pjlJ57Ei0qbAbGje2

I do not tested this workaround, AFAYK are there some problems?



-- 
Luca Villani                Wireless Solutions spa - DADA group
NOC manager                 Europe HQ, via Castiglione 25 Bologna
http://www.wseurope.com     Tel: +39 051 2966826    Fax: +39 051 2966800
GPG public key available    Mobile: +39 348 5298542 UIN: 76272621


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC