SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Directory)  >   Red Hat Directory Server Vendors:   Red Hat
Red Hat Directory Server Weak File Permissions Lets Local Users Obtain Administrative Passwords
SecurityTracker Alert ID:  1024281
SecurityTracker URL:  http://securitytracker.com/id/1024281
CVE Reference:   CVE-2010-2241   (Links to External Site)
Date:  Aug 4 2010
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.0
Description:   A vulnerability was reported in Red Hat Directory Server. A local user can obtain administrative passwords.

The Directory Server setup scripts (setup-ds.pl and setup-ds-admin.pl) cache certain files containing the Directory and Administration Server administrative account passwords with unsafe permissions. A local user can access the files to obtain the authentication credentials for those administrative accounts.

Impact:   A local user can obtain administrative passwords.
Solution:   The vendor has issued a fix.

The vendor's advisory is available at:

https://rhn.redhat.com/errata/RHSA-2010-0590.html

Vendor URL:  rhn.redhat.com/errata/RHSA-2010-0590.html (Links to External Site)
Cause:   Access control error
Underlying OS:   Linux (Red Hat Enterprise)

Message History:   None.


 Source Message Contents

Date:  Tue, 3 Aug 2010 14:16:54 -0600
Subject:  [RHSA-2010:0590-01] Low: Red Hat Directory Server security and enhancement update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Directory Server security and enhancement update
Advisory ID:       RHSA-2010:0590-01
Product:           Red Hat Directory Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0590.html
Issue date:        2010-08-03
CVE Names:         CVE-2010-2241 
=====================================================================

1. Summary:

Updated Red Hat Directory Server and related packages that fix one security
issue, multiple bugs, and add enhancements are now available as Red Hat
Directory Server 8.2.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Directory Server 8 (for RHEL 5 Server) - i386, noarch, x86_64
Red Hat Directory Server 8.0 (for AS v. 4) - i386, noarch, x86_64
Red Hat Directory Server 8.0 (for ES v. 4) - i386, noarch, x86_64

3. Description:

Red Hat Directory Server is an LDAPv3-compliant directory server. The
redhat-ds-base package includes the LDAP server and command line utilities
for server administration.

Directory Server setup scripts created cache files, containing passwords
for the Directory and Administration Server administrative accounts, with
weak file permissions. A local user could use this flaw to obtain
authentication credentials for the administrative accounts. (CVE-2010-2241)

This update also adds the following enhancements:

* Entry USN - The Entry USN Plug-in provides a way for LDAP clients to know
that something in the database has changed by generating a global update
sequence number (USN) for every write operation.

* Linked Attributes - The new Linked Attributes Plug-in uses the DN value
of a known attribute to trace its way to the referenced entry, and then it
adds a reciprocal value, pointing back to the first entry.

* Bitwise Search - This release adds support for bit field values in LDAP
searches.

* Dereference Control - This release adds server support for the
dereference control in LDAP searches. A dereferencing search tracks back
over cross-references in an entry and returns information about the
referenced entry.

* PAM Pass-through Plug-in - The PAM PTA plug-in allows Directory Server to
leverage a network's existing PAM service to authenticate users.

* SMD5 Password Storage Scheme - Passwords can now be stored with the
salted MD5 password hash.

* Syntax Checking - A new syntax validation plug-in verifies that the value
given for an attribute in an operation matches the required syntax for that
attribute.

* Anonymous Resource Limits - A new server configuration attribute enables
the Directory Server to apply resource limits to anonymous binds.

* Anonymous Access Switch - A new server configuration attribute tells the
Directory Server to disable anonymous binds for added security.

* Secure Binds Switch - A new server configuration attribute tells the
Directory Server to require a secure connection of some kind for any simple
binds.

* SSF Restrictions - A new server configuration attribute allows
administrators to set a minimum Security Strength Factor (SSF) for all
connections to the server, which can require a secure connection.

* Mixed SASL/TLS Connections - Now, the server can have both SASL and TLS
configured.

* Setting Plug-in Load Orders - A new plug-in configuration attribute sets
the load order preference for the plug-in, anywhere from 1 to 99. This
effectively sets the load order for plug-ins of the same type.

* Named Pipe Log Script - A new directory script allows logging data to be
sent to a named pipe instead of the standard server logs.

* Simple Paged Results - This release adds server support for results of
LDAP searches to be broken into pages.

* New Matching Rule and Attribute Syntaxes - This release adds support for
several new matching rules and 11 new attribute syntaxes.

These packages also contain many bug fixes for major features in Red Hat
Directory Server, including replication, synchronization, setup and
migration, command line tools, the Java console, and the Administration
Server. Refer to the Red Hat Directory Server 8.2 Release Notes for further
information:

http://www.redhat.com/docs/manuals/dir-server/8.2/rel-notes/html

All Red Hat Directory Server users should upgrade to Red Hat Directory
Server 8.2, which resolves these issues and adds these enhancements.

4. Solution:

Users running Red Hat Directory Server should consult the Red Hat Directory
Server 8.2 Release Notes for installation and upgrade instructions:

http://www.redhat.com/docs/manuals/dir-server/8.2/rel-notes/html

5. Bugs fixed (http://bugzilla.redhat.com/):

608032 - CVE-2010-2241 redhat-ds: setup script insecure .inf file permissions

6. Package List:

Red Hat Directory Server 8.0 (for AS v. 4):

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/idm-console-framework-1.1.5-1.el4idm.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/redhat-admin-console-8.2.0-2.el4dsrv.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/redhat-ds-8.2.0-1.el4dsrv.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/redhat-ds-admin-8.2.0-4.el4dsrv.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/redhat-ds-base-8.2.0-14.el4dsrv.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/redhat-ds-console-8.2.0-4.el4dsrv.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/redhat-idm-console-1.0.2-1.el4idm.src.rpm

i386:
redhat-ds-8.2.0-1.el4dsrv.i386.rpm
redhat-ds-admin-8.2.0-4.el4dsrv.i386.rpm
redhat-ds-admin-debuginfo-8.2.0-4.el4dsrv.i386.rpm
redhat-ds-base-8.2.0-14.el4dsrv.i386.rpm
redhat-ds-base-debuginfo-8.2.0-14.el4dsrv.i386.rpm
redhat-ds-base-devel-8.2.0-14.el4dsrv.i386.rpm
redhat-idm-console-1.0.2-1.el4idm.i386.rpm
redhat-idm-console-debuginfo-1.0.2-1.el4idm.i386.rpm

noarch:
idm-console-framework-1.1.5-1.el4idm.noarch.rpm
redhat-admin-console-8.2.0-2.el4dsrv.noarch.rpm
redhat-ds-console-8.2.0-4.el4dsrv.noarch.rpm

x86_64:
redhat-ds-8.2.0-1.el4dsrv.x86_64.rpm
redhat-ds-admin-8.2.0-4.el4dsrv.x86_64.rpm
redhat-ds-admin-debuginfo-8.2.0-4.el4dsrv.x86_64.rpm
redhat-ds-base-8.2.0-14.el4dsrv.x86_64.rpm
redhat-ds-base-debuginfo-8.2.0-14.el4dsrv.x86_64.rpm
redhat-ds-base-devel-8.2.0-14.el4dsrv.x86_64.rpm
redhat-idm-console-1.0.2-1.el4idm.x86_64.rpm
redhat-idm-console-debuginfo-1.0.2-1.el4idm.x86_64.rpm

Red Hat Directory Server 8.0 (for ES v. 4):

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/idm-console-framework-1.1.5-1.el4idm.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/redhat-admin-console-8.2.0-2.el4dsrv.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/redhat-ds-8.2.0-1.el4dsrv.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/redhat-ds-admin-8.2.0-4.el4dsrv.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/redhat-ds-base-8.2.0-14.el4dsrv.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/redhat-ds-console-8.2.0-4.el4dsrv.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/redhat-idm-console-1.0.2-1.el4idm.src.rpm

i386:
redhat-ds-8.2.0-1.el4dsrv.i386.rpm
redhat-ds-admin-8.2.0-4.el4dsrv.i386.rpm
redhat-ds-admin-debuginfo-8.2.0-4.el4dsrv.i386.rpm
redhat-ds-base-8.2.0-14.el4dsrv.i386.rpm
redhat-ds-base-debuginfo-8.2.0-14.el4dsrv.i386.rpm
redhat-ds-base-devel-8.2.0-14.el4dsrv.i386.rpm
redhat-idm-console-1.0.2-1.el4idm.i386.rpm
redhat-idm-console-debuginfo-1.0.2-1.el4idm.i386.rpm

noarch:
idm-console-framework-1.1.5-1.el4idm.noarch.rpm
redhat-admin-console-8.2.0-2.el4dsrv.noarch.rpm
redhat-ds-console-8.2.0-4.el4dsrv.noarch.rpm

x86_64:
redhat-ds-8.2.0-1.el4dsrv.x86_64.rpm
redhat-ds-admin-8.2.0-4.el4dsrv.x86_64.rpm
redhat-ds-admin-debuginfo-8.2.0-4.el4dsrv.x86_64.rpm
redhat-ds-base-8.2.0-14.el4dsrv.x86_64.rpm
redhat-ds-base-debuginfo-8.2.0-14.el4dsrv.x86_64.rpm
redhat-ds-base-devel-8.2.0-14.el4dsrv.x86_64.rpm
redhat-idm-console-1.0.2-1.el4idm.x86_64.rpm
redhat-idm-console-debuginfo-1.0.2-1.el4idm.x86_64.rpm

Red Hat Directory Server 8 (for RHEL 5 Server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/idm-console-framework-1.1.5-1.el5idm.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/jss-4.2.6-6.el5idm.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/redhat-admin-console-8.2.0-2.el5dsrv.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/redhat-ds-8.2.0-2.el5dsrv.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/redhat-ds-admin-8.2.0-3.el5dsrv.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/redhat-ds-base-8.2.0-13.el5dsrv.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/redhat-ds-console-8.2.0-4.el5dsrv.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/redhat-idm-console-1.0.2-1.el5idm.src.rpm

i386:
jss-4.2.6-6.el5idm.i386.rpm
jss-debuginfo-4.2.6-6.el5idm.i386.rpm
redhat-ds-8.2.0-2.el5dsrv.i386.rpm
redhat-ds-admin-8.2.0-3.el5dsrv.i386.rpm
redhat-ds-admin-debuginfo-8.2.0-3.el5dsrv.i386.rpm
redhat-ds-base-8.2.0-13.el5dsrv.i386.rpm
redhat-ds-base-debuginfo-8.2.0-13.el5dsrv.i386.rpm
redhat-ds-base-devel-8.2.0-13.el5dsrv.i386.rpm
redhat-idm-console-1.0.2-1.el5idm.i386.rpm
redhat-idm-console-debuginfo-1.0.2-1.el5idm.i386.rpm

noarch:
idm-console-framework-1.1.5-1.el5idm.noarch.rpm
redhat-admin-console-8.2.0-2.el5dsrv.noarch.rpm
redhat-ds-console-8.2.0-4.el5dsrv.noarch.rpm

x86_64:
jss-4.2.6-6.el5idm.x86_64.rpm
jss-debuginfo-4.2.6-6.el5idm.x86_64.rpm
redhat-ds-8.2.0-2.el5dsrv.x86_64.rpm
redhat-ds-admin-8.2.0-3.el5dsrv.x86_64.rpm
redhat-ds-admin-debuginfo-8.2.0-3.el5dsrv.x86_64.rpm
redhat-ds-base-8.2.0-13.el5dsrv.x86_64.rpm
redhat-ds-base-debuginfo-8.2.0-13.el5dsrv.x86_64.rpm
redhat-ds-base-devel-8.2.0-13.el5dsrv.x86_64.rpm
redhat-idm-console-1.0.2-1.el5idm.x86_64.rpm
redhat-idm-console-debuginfo-1.0.2-1.el5idm.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2241.html
http://www.redhat.com/security/updates/classification/#low
http://www.redhat.com/docs/manuals/dir-server/8.2/rel-notes/html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMWHkaXlSAg2UNWIIRAn04AJ43oV0rpeoIsRd3ZT3pJz1S8PYsCgCdHQcA
Vpob09ofBi2LiJ2kjazgeEI=
=AcIA
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC