---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/ The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Debian update for ldap-account-manager SECUNIA ADVISORY ID: SA25157 VERIFY ADVISORY: http://secunia.com/advisories/25157/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Privilege escalation WHERE: >From remote REVISION: 1.1 originally posted 2007-05-08 OPERATING SYSTEM: Debian GNU/Linux 3.1 http://secunia.com/product/5307/ DESCRIPTION: Debian has issued an update for ldap-account-manager. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform actions with escalated privileges and by malicious users to conduct script insertion attacks. 1) An error in LDAP Account Manager can be exploited by malicious people to conduct script insertion attacks. For more information: SA24687 2) An error in lamdaemon.pl can potentially be exploited to execute arbitrary code with escalated privileges by specifying a modified PATH variable to a malicious "rm" program. SOLUTION: Apply updated packages. -- Debian 3.1 (oldstable) -- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9-2sarge1.dsc Size/MD5 checksum: 629 e35751aee6f3d2658caa7f7e605b7c69 http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9-2sarge1.diff.gz Size/MD5 checksum: 12059 4c853e7304c431d7da29e8988bafff7a http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9.orig.tar.gz Size/MD5 checksum: 423988 6478d91210dbf13c9d49b7aa1a971be1 Architecture independent packages: http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9-2sarge1_all.deb Size/MD5 checksum: 408360 47e7959aedbc6f62a3c266708d8208a8 CHANGELOG: 2007-05-08: Updated "Description" section. ORIGINAL ADVISORY: http://www.us.debian.org/security/2007/dsa-1287 OTHER REFERENCES: SA24687: http://secunia.com/advisories/24687/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------