Security Advisory Low: Red Hat Directory Server security and enhancement update

Advisory: RHSA-2010:0590-1
Type: Security Advisory
Severity: Low
Issued on: 2010-08-03
Last updated on: 2010-08-03
Affected Products: Red Hat Directory Server v8 EL4
Red Hat Directory Server v8 EL5
CVEs (cve.mitre.org): CVE-2010-2241

Details

Updated Red Hat Directory Server and related packages that fix one security
issue, multiple bugs, and add enhancements are now available as Red Hat
Directory Server 8.2.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Red Hat Directory Server is an LDAPv3-compliant directory server. The
redhat-ds-base package includes the LDAP server and command line utilities
for server administration.

Directory Server setup scripts created cache files, containing passwords
for the Directory and Administration Server administrative accounts, with
weak file permissions. A local user could use this flaw to obtain
authentication credentials for the administrative accounts. (CVE-2010-2241)
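A defender's check for the class of exposure described above, added here as an example and not part of the advisory or of the Red Hat setup scripts: it lists setup cache/.inf files under a directory that are group- or world-readable and carry an administrative password key, and optionally tightens them to owner-only. The directory path and the key names (RootDNPwd, ConfigDirectoryAdminPwd, AdminPassword) are assumptions for illustration.

```shell
#!/bin/sh
# Audit for CVE-2010-2241-style exposure: cache/.inf files written by a
# setup script that hold administrative passwords with weak permissions.
# Assumptions (not taken from the advisory): the key names below and the
# directory you pass in are illustrative; adjust them to your deployment.

# Print each regular file under $1 that is readable by group or other AND
# contains one of the password keys. One path per line; no output = clean.
find_exposed_inf() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null |
    while IFS= read -r f; do
        if grep -Eqi '^[[:space:]]*(RootDNPwd|ConfigDirectoryAdminPwd|AdminPassword)[[:space:]]*=' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Restrict every exposed file to mode 0600 and print how many were changed.
# The brace group runs in the pipeline subshell, so the counter stays valid.
fix_exposed_inf() {
    find_exposed_inf "$1" | {
        n=0
        while IFS= read -r f; do
            chmod 0600 "$f" && n=$((n + 1))
        done
        echo "$n"
    }
}

# Usage (placeholder path, not a documented RHDS location):
#   find_exposed_inf /path/to/setup-cache    # report only
#   fix_exposed_inf  /path/to/setup-cache    # report count after tightening
```

Files that stay writable but were never world-readable are not reported; the check targets only the read exposure the advisory describes.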

This update also adds the following enhancements:

* Entry USN - The Entry USN Plug-in provides a way for LDAP clients to know
that something in the database has changed by generating a global update
sequence number (USN) for every write operation.

* Linked Attributes - The new Linked Attributes Plug-in uses the DN value
of a known attribute to trace its way to the referenced entry, and then it
adds a reciprocal value, pointing back to the first entry.

* Bitwise Search - This release adds support for bit field values in LDAP
searches.

* Dereference Control - This release adds server support for the
dereference control in LDAP searches. A dereferencing search tracks back
over cross-references in an entry and returns information about the
referenced entry.

* PAM Pass-through Plug-in - The PAM PTA plug-in allows Directory Server to
leverage a network's existing PAM service to authenticate users.

* SMD5 Password Storage Scheme - Passwords can now be stored with the
salted MD5 password hash.

* Syntax Checking - A new syntax validation plug-in verifies that the value
given for an attribute in an operation matches the required syntax for that
attribute.

* Anonymous Resource Limits - A new server configuration attribute enables
the Directory Server to apply resource limits to anonymous binds.

* Anonymous Access Switch - A new server configuration attribute tells the
Directory Server to disable anonymous binds for added security.

* Secure Binds Switch - A new server configuration attribute tells the
Directory Server to require a secure connection of some kind for any simple
binds.

* SSF Restrictions - A new server configuration attribute allows
administrators to set a minimum Security Strength Factor (SSF) for all
connections to the server, which can require a secure connection.

* Mixed SASL/TLS Connections - Now, the server can have both SASL and TLS
configured.

* Setting Plug-in Load Orders - A new plug-in configuration attribute sets
the load order preference for the plug-in, anywhere from 1 to 99. This
effectively sets the load order for plug-ins of the same type.

* Named Pipe Log Script - A new directory script allows logging data to be
sent to a named pipe instead of the standard server logs.

* Simple Paged Results - This release adds server support for results of
LDAP searches to be broken into pages.

* New Matching Rule and Attribute Syntaxes - This release adds support for
several new matching rules and 11 new attribute syntaxes.

These packages also contain many bug fixes for major features in Red Hat
Directory Server, including replication, synchronization, setup and
migration, command line tools, the Java console, and the Administration
Server. Refer to the Red Hat Directory Server 8.2 Release Notes for further
information:

http://www.redhat.com/docs/manuals/dir-server/8.2/rel-notes/html

All Red Hat Directory Server users should upgrade to Red Hat Directory
Server 8.2, which resolves these issues and adds these enhancements.
Solution

Users running Red Hat Directory Server should consult the Red Hat Directory
Server 8.2 Release Notes for installation and upgrade instructions:

http://www.redhat.com/docs/manuals/dir-server/8.2/rel-notes/html

Updated packages

Red Hat Directory Server v8 EL4

Red Hat Directory Server v8 EL5


Bugs fixed (see bugzilla for more information)

608032 - CVE-2010-2241 redhat-ds: setup script insecure .inf file permissions

References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/