Secunia Security Advisory - Debian has issued an update for ldap-account-manager. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform actions with escalated privileges and by malicious users to conduct script insertion attacks.
27e165ec144b4858c1a4daedf3f4a3833f9fbc6e933157418d48901eb64bf6c4
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
Join the FREE BETA test of the Network Software Inspector (NSI)!
http://secunia.com/network_software_inspector/
The NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Debian update for ldap-account-manager
SECUNIA ADVISORY ID:
SA25157
VERIFY ADVISORY:
http://secunia.com/advisories/25157/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting, Privilege escalation
WHERE:
>From remote
REVISION:
1.1 originally posted 2007-05-08
OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
DESCRIPTION:
Debian has issued an update for ldap-account-manager. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
perform actions with escalated privileges and by malicious users to
conduct script insertion attacks.
1) An error in LDAP Account Manager can be exploited by malicious
people to conduct script insertion attacks.
For more information:
SA24687
2) An error in lamdaemon.pl can potentially be exploited to execute
arbitrary code with escalated privileges by specifying a modified
PATH variable to a malicious "rm" program.
SOLUTION:
Apply updated packages.
-- Debian 3.1 (oldstable) --
Oldstable updates are available for alpha, amd64, arm, hppa, i386,
ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9-2sarge1.dsc
Size/MD5 checksum: 629 e35751aee6f3d2658caa7f7e605b7c69
http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9-2sarge1.diff.gz
Size/MD5 checksum: 12059 4c853e7304c431d7da29e8988bafff7a
http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9.orig.tar.gz
Size/MD5 checksum: 423988 6478d91210dbf13c9d49b7aa1a971be1
Architecture independent packages:
http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9-2sarge1_all.deb
Size/MD5 checksum: 408360 47e7959aedbc6f62a3c266708d8208a8
CHANGELOG:
2007-05-08: Updated "Description" section.
ORIGINAL ADVISORY:
http://www.us.debian.org/security/2007/dsa-1287
OTHER REFERENCES:
SA24687:
http://secunia.com/advisories/24687/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed