Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2008:0715 - Security Advisory
Issued:
2008-07-24
Updated:
2008-07-24

RHSA-2008:0715 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: nss_ldap security and bug fix update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated nss_ldap package that fixes a security issue and several bugs is
now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

The nss_ldap package contains the nss_ldap and pam_ldap modules. The
nss_ldap module is a plug-in which allows applications to retrieve
information about users and groups from a directory server. The pam_ldap
module allows PAM-aware applications to use a directory server to verify
user passwords.

A race condition was discovered in nss_ldap, which affected certain
applications that make LDAP connections, such as Dovecot. This could cause
nss_ldap to answer a request for information about one user with the
information about a different user. (CVE-2007-5794)

As well, this updated package fixes the following bugs:

  • in certain situations, on Itanium(R) architectures, when an application

performed an LDAP lookup for a highly populated group, for example,
containing more than 150 members, the application crashed, or may have
caused a segmentation fault. As well, this issue may have caused commands,
such as "ls", to return a "ber_free_buf: Assertion" error.

  • when an application enumerated members of a netgroup, the nss_ldap

module returned a successful status result and the netgroup name, even
when the netgroup did not exist. This behavior was not consistent with
other modules. In this updated package, nss_ldap no longer returns a
successful status when the netgroup does not exist.

  • in master and slave server environments, with systems that were

configured to use a read-only directory server, if user log in attempts
were denied because their passwords had expired, and users attempted to
immediately change their passwords, the replication server returned an LDAP
referral, instructing the pam_ldap module to resissue its request to a
different server; however, the pam_ldap module failed to do so. In these
situations, an error such as the following occurred:

LDAP password information update failed: Can't contact LDAP server
Insufficient 'write' privilege to the 'userPassword' attribute of entry
[entry]

In this updated package, password changes are allowed when binding against
a slave server, which resolves this issue.

  • when a system used a directory server for naming information, and

"nss_initgroups_ignoreusers root" was configured in "/etc/ldap.conf",
dbus-daemon-1 would hang. Running the "service messagebus start" command
did not start the service, and it did not fail, which would stop the boot
process if it was not cancelled.

As well, this updated package upgrades nss_ldap to the version as shipped
with Red Hat Enterprise Linux 5.

Users of nss_ldap are advised to upgrade to this updated package, which
resolves these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 155187 - CVE-2007-5794 nss_ldap randomly replying with wrong user's data [rhel-4.7]
  • BZ - 233382 - nss_ldap crashes on large groups (IA64)
  • BZ - 253997 - nss_ldap / setnetgrent() returns always 1 despite not retrieving any valid results.
  • BZ - 367461 - CVE-2007-5794 nss_ldap randomly replying with wrong user's data
  • BZ - 401731 - Rebase nss_ldap to RHEL 5.2 version
  • BZ - 429101 - dbus-daemon-1 hangs when using the option nss_initgroups_ignoreusers in /etc/ldap.conf with the user root

CVEs

  • CVE-2007-5794

References

  • http://www.redhat.com/security/updates/classification/#low
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
nss_ldap-253-5.el4.src.rpm SHA-256: a6e98abade0a8a21f917bb5be4ec308de666421768e8bcabf0c45cb90d917eff
x86_64
nss_ldap-253-5.el4.i386.rpm SHA-256: 188ac02beb075d3cbdbcf12152abd525de984a4e879b32b588f54c63ad0aa3c8
nss_ldap-253-5.el4.i386.rpm SHA-256: 188ac02beb075d3cbdbcf12152abd525de984a4e879b32b588f54c63ad0aa3c8
nss_ldap-253-5.el4.x86_64.rpm SHA-256: 1fabca824ef513f11fd6a764455a721cda08590c7a3dbeb25ba20a42b4a81f8d
nss_ldap-253-5.el4.x86_64.rpm SHA-256: 1fabca824ef513f11fd6a764455a721cda08590c7a3dbeb25ba20a42b4a81f8d
ia64
nss_ldap-253-5.el4.i386.rpm SHA-256: 188ac02beb075d3cbdbcf12152abd525de984a4e879b32b588f54c63ad0aa3c8
nss_ldap-253-5.el4.i386.rpm SHA-256: 188ac02beb075d3cbdbcf12152abd525de984a4e879b32b588f54c63ad0aa3c8
nss_ldap-253-5.el4.ia64.rpm SHA-256: bf367983d875c1f1fe9cadf0f8c59d408d5caf62abc35b38d51a1fba45ba4d7f
nss_ldap-253-5.el4.ia64.rpm SHA-256: bf367983d875c1f1fe9cadf0f8c59d408d5caf62abc35b38d51a1fba45ba4d7f
i386
nss_ldap-253-5.el4.i386.rpm SHA-256: 188ac02beb075d3cbdbcf12152abd525de984a4e879b32b588f54c63ad0aa3c8
nss_ldap-253-5.el4.i386.rpm SHA-256: 188ac02beb075d3cbdbcf12152abd525de984a4e879b32b588f54c63ad0aa3c8

Red Hat Enterprise Linux Workstation 4

SRPM
nss_ldap-253-5.el4.src.rpm SHA-256: a6e98abade0a8a21f917bb5be4ec308de666421768e8bcabf0c45cb90d917eff
x86_64
nss_ldap-253-5.el4.i386.rpm SHA-256: 188ac02beb075d3cbdbcf12152abd525de984a4e879b32b588f54c63ad0aa3c8
nss_ldap-253-5.el4.x86_64.rpm SHA-256: 1fabca824ef513f11fd6a764455a721cda08590c7a3dbeb25ba20a42b4a81f8d
ia64
nss_ldap-253-5.el4.i386.rpm SHA-256: 188ac02beb075d3cbdbcf12152abd525de984a4e879b32b588f54c63ad0aa3c8
nss_ldap-253-5.el4.ia64.rpm SHA-256: bf367983d875c1f1fe9cadf0f8c59d408d5caf62abc35b38d51a1fba45ba4d7f
i386
nss_ldap-253-5.el4.i386.rpm SHA-256: 188ac02beb075d3cbdbcf12152abd525de984a4e879b32b588f54c63ad0aa3c8

Red Hat Enterprise Linux Desktop 4

SRPM
nss_ldap-253-5.el4.src.rpm SHA-256: a6e98abade0a8a21f917bb5be4ec308de666421768e8bcabf0c45cb90d917eff
x86_64
nss_ldap-253-5.el4.i386.rpm SHA-256: 188ac02beb075d3cbdbcf12152abd525de984a4e879b32b588f54c63ad0aa3c8
nss_ldap-253-5.el4.x86_64.rpm SHA-256: 1fabca824ef513f11fd6a764455a721cda08590c7a3dbeb25ba20a42b4a81f8d
i386
nss_ldap-253-5.el4.i386.rpm SHA-256: 188ac02beb075d3cbdbcf12152abd525de984a4e879b32b588f54c63ad0aa3c8

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
nss_ldap-253-5.el4.src.rpm SHA-256: a6e98abade0a8a21f917bb5be4ec308de666421768e8bcabf0c45cb90d917eff
s390x
nss_ldap-253-5.el4.s390.rpm SHA-256: 73b7035fd5673c3482fb67037ad48d451be7a9e22b12188db01a9391ad7bc434
nss_ldap-253-5.el4.s390x.rpm SHA-256: 92cb7d52aeff1f9c97cc7b755c635b3aac64d5fda888fd7daa3752ed8cc412e0
s390
nss_ldap-253-5.el4.s390.rpm SHA-256: 73b7035fd5673c3482fb67037ad48d451be7a9e22b12188db01a9391ad7bc434

Red Hat Enterprise Linux for Power, big endian 4

SRPM
nss_ldap-253-5.el4.src.rpm SHA-256: a6e98abade0a8a21f917bb5be4ec308de666421768e8bcabf0c45cb90d917eff
ppc
nss_ldap-253-5.el4.ppc.rpm SHA-256: 6097ec6107163049b480b4f1a6229aa61d67c49cf1bee669a8123129a0c84d88
nss_ldap-253-5.el4.ppc64.rpm SHA-256: 85bc37ecef63b63f518dd83bff1646aa9a1dc49893640e1059386595546a58c0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Terms of Use
  • All Policies and Guidelines
We've updated our <a href='http://www.redhat.com/en/about/privacy-policy' class='privacy-policy'>Privacy Statement</a> effective September 15, 2023.
Red Hat Summit Red Hat Summit
Twitter