Security Advisory Important: 389-ds-base security update

Advisory: RHSA-2014:0292-1
Type: Security Advisory
Severity: Important
Issued on: 2014-03-13
Last updated on: 2014-03-13
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2014-0132

Details

Updated 389-ds-base packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
Important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

It was discovered that the 389 Directory Server did not properly handle
certain SASL-based authentication mechanisms. A user able to authenticate
to the directory using these SASL mechanisms could connect as any other
directory user, including the administrative Directory Manager account.
This could allow them to modify configuration values, as well as read and
write any data the directory holds. (CVE-2014-0132)

All 389-ds-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the 389 server service will be restarted automatically.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
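
An added example, not part of the advisory or of Red Hat's tooling: a fleet check that flags hosts whose installed 389-ds-base build is older than the fixed build listed under "Updated packages". It assumes no package epoch, uses a simplified rpm version ordering (no tilde or caret handling), and the host names and the other builds in the inventory are constructed.

```python
import re

# Fixed build named in this advisory (VERSION-RELEASE of 389-ds-base).
FIXED_VR = "1.2.11.15-32.el6_5"

def _segments(s):
    # Maximal runs of digits or letters; separators such as "." and "_" drop out.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Order two version or release strings as rpm does (simplified: no
    tilde or caret handling). Returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 15 > 9, unlike string order
        if x != y:
            return 1 if x > y else -1
    # Shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(installed_vr, fixed_vr=FIXED_VR):
    """True if installed VERSION-RELEASE is at or above the fixed build."""
    iv, _, ir = installed_vr.partition("-")
    fv, _, fr = fixed_vr.partition("-")
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def unpatched_hosts(inventory):
    """Hosts whose 389-ds-base build predates the fix for CVE-2014-0132."""
    return sorted(h for h, vr in inventory.items() if not is_patched(vr))

# Constructed inventory (hypothetical hosts and builds), e.g. gathered with
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' 389-ds-base
SAMPLE_INVENTORY = {
    "ldap1.example.com": "1.2.11.15-32.el6_5",    # the fixed build
    "ldap2.example.com": "1.2.11.15-31.el6_5",    # one release behind
    "ldap3.example.com": "1.2.11.9-40.el6",       # older upstream version
    "ldap4.example.com": "1.2.11.15-32.el6_5.1",  # later respin
}

if __name__ == "__main__":
    print("still exposed:", unpatched_hosts(SAMPLE_INVENTORY))
```

The comparison is only meaningful between Red Hat Enterprise Linux 6 builds of the package; hosts on another major release need the advisory for that product.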

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
389-ds-base-1.2.11.15-32.el6_5.src.rpm
File outdated by:  RHBA-2015:1326
 
IA-32:
389-ds-base-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-debuginfo-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-devel-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-libs-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
 
x86_64:
389-ds-base-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-debuginfo-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-debuginfo-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-devel-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-devel-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-libs-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-libs-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
389-ds-base-1.2.11.15-32.el6_5.src.rpm
File outdated by:  RHBA-2015:1326
 
x86_64:
389-ds-base-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-debuginfo-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-debuginfo-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-devel-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-devel-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-libs-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-libs-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
389-ds-base-1.2.11.15-32.el6_5.src.rpm
File outdated by:  RHBA-2015:1326
 
IA-32:
389-ds-base-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-debuginfo-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-devel-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-libs-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
 
x86_64:
389-ds-base-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-debuginfo-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-debuginfo-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-devel-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-devel-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-libs-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-libs-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
389-ds-base-1.2.11.15-32.el6_5.src.rpm
File outdated by:  RHBA-2015:1326
 
x86_64:
389-ds-base-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-debuginfo-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-debuginfo-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-devel-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-devel-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-libs-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-libs-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:1031
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
389-ds-base-1.2.11.15-32.el6_5.src.rpm
File outdated by:  RHBA-2015:1326
 
IA-32:
389-ds-base-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-debuginfo-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-devel-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-libs-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHSA-2014:1031
 
x86_64:
389-ds-base-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-debuginfo-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-debuginfo-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-devel-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-devel-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-libs-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHSA-2014:1031
389-ds-base-libs-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:1031
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
389-ds-base-1.2.11.15-32.el6_5.src.rpm
File outdated by:  RHBA-2015:1326
 
IA-32:
389-ds-base-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-debuginfo-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-devel-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-libs-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
 
x86_64:
389-ds-base-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-debuginfo-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-debuginfo-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-devel-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-devel-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-libs-1.2.11.15-32.el6_5.i686.rpm
File outdated by:  RHBA-2015:1326
389-ds-base-libs-1.2.11.15-32.el6_5.x86_64.rpm
File outdated by:  RHBA-2015:1326
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1074845 - CVE-2014-0132 389-ds: flaw in parsing authzid can lead to privilege escalation


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/