what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2010-026

Mandriva Linux Security Advisory 2010-026
Posted Jan 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-026 - libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a \\'\\0\\' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2009-3767
SHA-256 | d24aa6b26a33a379ee5a3aeb6a16a1856818804de3fa37eae392f97c6825290a

Mandriva Linux Security Advisory 2010-026

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:026
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openldap
Date : January 26, 2010
Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in openldap:

libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does
not properly handle a \'\0\' (NUL) character in a domain name in
the subject's Common Name (CN) field of an X.509 certificate, which
allows man-in-the-middle attackers to spoof arbitrary SSL servers via
a crafted certificate issued by a legitimate Certification Authority,
a related issue to CVE-2009-2408 (CVE-2009-3767).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
05d27c8e50b79e16c345756251c5e819 2008.0/i586/libldap2.3_0-2.3.38-3.4mdv2008.0.i586.rpm
c3b564ed72214c88e4f97b754baec0d3 2008.0/i586/libldap2.3_0-devel-2.3.38-3.4mdv2008.0.i586.rpm
cb184b75f27937fbf10bee2c4526ccb8 2008.0/i586/libldap2.3_0-static-devel-2.3.38-3.4mdv2008.0.i586.rpm
53a1cb617be31adf8002d03c975242df 2008.0/i586/openldap-2.3.38-3.4mdv2008.0.i586.rpm
48114cab21906ac3f736d669ea9c1a21 2008.0/i586/openldap-clients-2.3.38-3.4mdv2008.0.i586.rpm
a16e2a6e65d1f68eea0989590f0057b7 2008.0/i586/openldap-doc-2.3.38-3.4mdv2008.0.i586.rpm
1184787dc8596fc25c660396d012d6eb 2008.0/i586/openldap-servers-2.3.38-3.4mdv2008.0.i586.rpm
84c2fe50106a22d3fe27b3cdba4197d9 2008.0/i586/openldap-testprogs-2.3.38-3.4mdv2008.0.i586.rpm
b3facfc070aee1223d254ec984c61ab7 2008.0/i586/openldap-tests-2.3.38-3.4mdv2008.0.i586.rpm
d43ec379be752a4229b996bf0212123e 2008.0/SRPMS/openldap-2.3.38-3.4mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
fd10ca40cbd47ac92f0fb018abeb43b0 2008.0/x86_64/lib64ldap2.3_0-2.3.38-3.4mdv2008.0.x86_64.rpm
6f70689679ee97a5c0586190b0c14fe3 2008.0/x86_64/lib64ldap2.3_0-devel-2.3.38-3.4mdv2008.0.x86_64.rpm
804c10f2e0fc978bdaff791fffdf6cb3 2008.0/x86_64/lib64ldap2.3_0-static-devel-2.3.38-3.4mdv2008.0.x86_64.rpm
2e9eaa2bc8024bab086d6719371c104b 2008.0/x86_64/openldap-2.3.38-3.4mdv2008.0.x86_64.rpm
a11488a1a69f82d75bd9cbb0162810df 2008.0/x86_64/openldap-clients-2.3.38-3.4mdv2008.0.x86_64.rpm
2f8a0560815adc858f9751d50154233b 2008.0/x86_64/openldap-doc-2.3.38-3.4mdv2008.0.x86_64.rpm
82dba0aa278c64c7c588d468b910ed7f 2008.0/x86_64/openldap-servers-2.3.38-3.4mdv2008.0.x86_64.rpm
37c4c53990d046d55eb37a4c89b41421 2008.0/x86_64/openldap-testprogs-2.3.38-3.4mdv2008.0.x86_64.rpm
fb880135c85355b26e2769fadacb3563 2008.0/x86_64/openldap-tests-2.3.38-3.4mdv2008.0.x86_64.rpm
d43ec379be752a4229b996bf0212123e 2008.0/SRPMS/openldap-2.3.38-3.4mdv2008.0.src.rpm

Mandriva Linux 2009.0:
1edb07acb66ec501f451ab12e82c701f 2009.0/i586/libldap2.4_2-2.4.11-3.2mdv2009.0.i586.rpm
d89cc046166856ec10e6571646efc911 2009.0/i586/libldap2.4_2-devel-2.4.11-3.2mdv2009.0.i586.rpm
d3895a847d8aad9d09446162b0ffcd8d 2009.0/i586/libldap2.4_2-static-devel-2.4.11-3.2mdv2009.0.i586.rpm
069829021563439e98d464c942f8b465 2009.0/i586/openldap-2.4.11-3.2mdv2009.0.i586.rpm
d10c57b7e4b2e47350be4ed9e0653d13 2009.0/i586/openldap-clients-2.4.11-3.2mdv2009.0.i586.rpm
0e1cdfc7e0de6148feebdc28d7f957a5 2009.0/i586/openldap-doc-2.4.11-3.2mdv2009.0.i586.rpm
c14ac5126b17775363da034cb68557b0 2009.0/i586/openldap-servers-2.4.11-3.2mdv2009.0.i586.rpm
07f0a85987bcd586359852b7cad8649d 2009.0/i586/openldap-testprogs-2.4.11-3.2mdv2009.0.i586.rpm
9a51e08fa565f830672328a0c00fc8e8 2009.0/i586/openldap-tests-2.4.11-3.2mdv2009.0.i586.rpm
9cf49efc39d9e3b1e33d815ce4ecbb9b 2009.0/SRPMS/openldap-2.4.11-3.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
54e430c0735f09e81cbc01f8d6d2e0cb 2009.0/x86_64/lib64ldap2.4_2-2.4.11-3.2mdv2009.0.x86_64.rpm
a603ee71bb23a2482ba24d9b5aa0d441 2009.0/x86_64/lib64ldap2.4_2-devel-2.4.11-3.2mdv2009.0.x86_64.rpm
d2f3bb877cdbca3a7c19694ddf998f70 2009.0/x86_64/lib64ldap2.4_2-static-devel-2.4.11-3.2mdv2009.0.x86_64.rpm
d5679cdc3fe1a66c67856ff7cc820e97 2009.0/x86_64/openldap-2.4.11-3.2mdv2009.0.x86_64.rpm
f9e4916cb87578bc2ee52456b1cc8612 2009.0/x86_64/openldap-clients-2.4.11-3.2mdv2009.0.x86_64.rpm
45c0453372a06e434c92ee6d6e565326 2009.0/x86_64/openldap-doc-2.4.11-3.2mdv2009.0.x86_64.rpm
3688fdc6044b0c069cfddbcafb8570dd 2009.0/x86_64/openldap-servers-2.4.11-3.2mdv2009.0.x86_64.rpm
8ccdef4f247693f087b2f8ced9f6df75 2009.0/x86_64/openldap-testprogs-2.4.11-3.2mdv2009.0.x86_64.rpm
2ff3c40955d05049b1b087fe4a46f470 2009.0/x86_64/openldap-tests-2.4.11-3.2mdv2009.0.x86_64.rpm
9cf49efc39d9e3b1e33d815ce4ecbb9b 2009.0/SRPMS/openldap-2.4.11-3.2mdv2009.0.src.rpm

Mandriva Linux 2009.1:
b89b2509fe864d9750fef6c49f6c0184 2009.1/i586/libldap2.4_2-2.4.16-1.1mdv2009.1.i586.rpm
e7e532035891022e817808e983e596a9 2009.1/i586/libldap2.4_2-devel-2.4.16-1.1mdv2009.1.i586.rpm
b4b6f34878132d1c1c823ef89833e8f8 2009.1/i586/libldap2.4_2-static-devel-2.4.16-1.1mdv2009.1.i586.rpm
942ed86998426b2b10ec399c3a52b77e 2009.1/i586/openldap-2.4.16-1.1mdv2009.1.i586.rpm
82cfd7b50e08b313033aa3d3f5fe256b 2009.1/i586/openldap-clients-2.4.16-1.1mdv2009.1.i586.rpm
9c95fafea86a758a2a6fe4770f125035 2009.1/i586/openldap-doc-2.4.16-1.1mdv2009.1.i586.rpm
f23ef462351ad9f2a43857591af492c0 2009.1/i586/openldap-servers-2.4.16-1.1mdv2009.1.i586.rpm
6ac2057dd719078e7f05033c4eeb8244 2009.1/i586/openldap-testprogs-2.4.16-1.1mdv2009.1.i586.rpm
e9728e9007a3abeaed7b22ea70fde1b1 2009.1/i586/openldap-tests-2.4.16-1.1mdv2009.1.i586.rpm
6e7c1810d3fad170498c9b80887104ec 2009.1/SRPMS/openldap-2.4.16-1.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
bf51e99f555efe4c1433c61fb1b970a1 2009.1/x86_64/lib64ldap2.4_2-2.4.16-1.1mdv2009.1.x86_64.rpm
b27971669d145b8d77b422a6239d9c12 2009.1/x86_64/lib64ldap2.4_2-devel-2.4.16-1.1mdv2009.1.x86_64.rpm
79d8a022b0fc68cac40c3b9c59ee0a94 2009.1/x86_64/lib64ldap2.4_2-static-devel-2.4.16-1.1mdv2009.1.x86_64.rpm
bd047c1075c1a37885f698ee3262892e 2009.1/x86_64/openldap-2.4.16-1.1mdv2009.1.x86_64.rpm
9a3062118ab8c405bb059839b98ac85d 2009.1/x86_64/openldap-clients-2.4.16-1.1mdv2009.1.x86_64.rpm
a14bb0244d99eb101c34da5cd404c323 2009.1/x86_64/openldap-doc-2.4.16-1.1mdv2009.1.x86_64.rpm
05597018b9ae1a5cd27849f4e2630aa1 2009.1/x86_64/openldap-servers-2.4.16-1.1mdv2009.1.x86_64.rpm
dc514f10efe28460c2cc9531dd46fded 2009.1/x86_64/openldap-testprogs-2.4.16-1.1mdv2009.1.x86_64.rpm
99ac81225c652a1e11d6fc0259e79339 2009.1/x86_64/openldap-tests-2.4.16-1.1mdv2009.1.x86_64.rpm
6e7c1810d3fad170498c9b80887104ec 2009.1/SRPMS/openldap-2.4.16-1.1mdv2009.1.src.rpm

Corporate 4.0:
2680f39542c1a732ddfbf125bdb840ec corporate/4.0/i586/libldap2.3_0-2.3.27-1.6.20060mlcs4.i586.rpm
eba24e380a590ccab0c51cebd5a6b2b5 corporate/4.0/i586/libldap2.3_0-devel-2.3.27-1.6.20060mlcs4.i586.rpm
c09bd1c40966ce05dcb250f60363cff0 corporate/4.0/i586/libldap2.3_0-static-devel-2.3.27-1.6.20060mlcs4.i586.rpm
4b288051aaaae89e4fd51f3e23fff9de corporate/4.0/i586/openldap-2.3.27-1.6.20060mlcs4.i586.rpm
4a929338eaf5bdb04753e8e3a9e9a5f2 corporate/4.0/i586/openldap-clients-2.3.27-1.6.20060mlcs4.i586.rpm
c1466377dd9d3085058a6239afc5c290 corporate/4.0/i586/openldap-doc-2.3.27-1.6.20060mlcs4.i586.rpm
b3d3da31f572a96f4d206a7dc0024ea7 corporate/4.0/i586/openldap-servers-2.3.27-1.6.20060mlcs4.i586.rpm
97589a85f65923d54383b5a6dde41fb2 corporate/4.0/SRPMS/openldap-2.3.27-1.6.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
4d757bcbeff60980e7161905ee84f4f3 corporate/4.0/x86_64/lib64ldap2.3_0-2.3.27-1.6.20060mlcs4.x86_64.rpm
71a4b1de7f60e959bf293bf97c69b2ff corporate/4.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.6.20060mlcs4.x86_64.rpm
f72e33cf6b5c9ce48651ad338c4764b7 corporate/4.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.6.20060mlcs4.x86_64.rpm
119b451378a0db92afd13ab320ae0780 corporate/4.0/x86_64/openldap-2.3.27-1.6.20060mlcs4.x86_64.rpm
4ecc97d7aa99bc3ae29d5c5e93283dd1 corporate/4.0/x86_64/openldap-clients-2.3.27-1.6.20060mlcs4.x86_64.rpm
731857c379ce789f8f495b1d707d7e82 corporate/4.0/x86_64/openldap-doc-2.3.27-1.6.20060mlcs4.x86_64.rpm
e72705d3d650cf099748091e7293e706 corporate/4.0/x86_64/openldap-servers-2.3.27-1.6.20060mlcs4.x86_64.rpm
97589a85f65923d54383b5a6dde41fb2 corporate/4.0/SRPMS/openldap-2.3.27-1.6.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
09d4a893fbfb5aeeaba0d920717e7bf2 mes5/i586/libldap2.4_2-2.4.11-3.2mdvmes5.i586.rpm
0431d42a2e6355abcb2ac3c06deb5fdf mes5/i586/libldap2.4_2-devel-2.4.11-3.2mdvmes5.i586.rpm
fc5961e23f65c182abc7a12bc5d151dd mes5/i586/libldap2.4_2-static-devel-2.4.11-3.2mdvmes5.i586.rpm
2972925135a2a05ead56437a9b5419dc mes5/i586/openldap-2.4.11-3.2mdvmes5.i586.rpm
f6065831019f66ad751b7ed2d7588685 mes5/i586/openldap-clients-2.4.11-3.2mdvmes5.i586.rpm
40c97b12b13377de19c00d748714d312 mes5/i586/openldap-doc-2.4.11-3.2mdvmes5.i586.rpm
30275464184256272fcf7cadea77d090 mes5/i586/openldap-servers-2.4.11-3.2mdvmes5.i586.rpm
a29701216dc54d9c951a618ace801be8 mes5/i586/openldap-testprogs-2.4.11-3.2mdvmes5.i586.rpm
853bca2f88cd4764e925fe3392a1ebda mes5/i586/openldap-tests-2.4.11-3.2mdvmes5.i586.rpm
5f0cff3716ac2871124d0d3d24267b4b mes5/SRPMS/openldap-2.4.11-3.2mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
b5470e8cd7073d008be83c8731b32bd3 mes5/x86_64/lib64ldap2.4_2-2.4.11-3.2mdvmes5.x86_64.rpm
b4be80b1527524287f36d9f7d829fa13 mes5/x86_64/lib64ldap2.4_2-devel-2.4.11-3.2mdvmes5.x86_64.rpm
2b8410175476f709bf6a1a54e8f158ff mes5/x86_64/lib64ldap2.4_2-static-devel-2.4.11-3.2mdvmes5.x86_64.rpm
597714018771bba7e50aecbf850b19d9 mes5/x86_64/openldap-2.4.11-3.2mdvmes5.x86_64.rpm
c05436b7c7aca704564d19b656b94d63 mes5/x86_64/openldap-clients-2.4.11-3.2mdvmes5.x86_64.rpm
05b5482d288d6b877246ca8a7332fd86 mes5/x86_64/openldap-doc-2.4.11-3.2mdvmes5.x86_64.rpm
deb1329b1735d506be64f7a599e32df1 mes5/x86_64/openldap-servers-2.4.11-3.2mdvmes5.x86_64.rpm
447c0303692296fde9c5555d782435cb mes5/x86_64/openldap-testprogs-2.4.11-3.2mdvmes5.x86_64.rpm
fc597de3166dc25c92b7eada78ebf242 mes5/x86_64/openldap-tests-2.4.11-3.2mdvmes5.x86_64.rpm
5f0cff3716ac2871124d0d3d24267b4b mes5/SRPMS/openldap-2.4.11-3.2mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLXwOHmqjQ0CJFipgRAp7yAJ40umReJDo1Asg6BoihvuXXShK+vACeP+Vx
9jUkR+Zs9Nl7nEVuZXdjAvw=
=Fkxu
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close