<?xml version="1.0" encoding="utf-8"?>
<glsa id="200512-07">
<title>OpenLDAP, Gauche: RUNPATH issues</title>
OpenLDAP and Gauche suffer from RUNPATH issues that may allow users in the
"portage" group to escalate privileges.
<product type="ebuild">OpenLDAP Gauche</product>
<announced>December 15, 2005</announced>
<revised>December 30, 2007: 03</revised>
<package name="net-nds/openldap" auto="yes" arch="*">
<unaffected range="ge">2.2.28-r3</unaffected>
<unaffected range="rge">2.1.30-r6</unaffected>
<vulnerable range="lt">2.2.28-r3</vulnerable>
<package name="dev-scheme/gauche" auto="yes" arch="*">
<unaffected range="ge">0.8.6-r1</unaffected>
<vulnerable range="lt">0.8.6-r1</vulnerable>
OpenLDAP is a suite of LDAP-related application and development tools.
Gauche is an R5RS Scheme interpreter.
Gentoo packaging for OpenLDAP and Gauche may introduce insecure paths
into the list of directories that are searched for libraries at
<impact type="low">
A local attacker, who is a member of the "portage" group, could create
a malicious shared object in the Portage temporary build directory that
would be loaded at runtime by a dependent binary, potentially resulting
in privilege escalation.
Only grant "portage" group rights to trusted users.
All OpenLDAP users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose net-nds/openldap</code>
All Gauche users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=dev-scheme/gauche-0.8.6-r1&quot;</code>
<uri link="">CVE-2005-4442</uri>
<uri link="">CVE-2005-4443</uri>
<metadata tag="submitter" timestamp="Wed, 14 Dec 2005 13:30:23 +0000">
<metadata tag="bugReady" timestamp="Wed, 14 Dec 2005 13:31:28 +0000">
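An audit check for the condition this advisory describes, added here as an example and not part of the GLSA or of Portage: it parses `readelf -d` output and reports RPATH/RUNPATH entries that point into the build directory. It goes slightly beyond the advisory by also flagging empty and relative entries. Assumptions: the build directory is Portage's default `/var/tmp/portage`, and the sample output and its package directory names are constructed.

```python
import posixpath
import re

# Assumption: Portage's default temporary build directory (PORTAGE_TMPDIR/portage).
BUILD_DIRS = ("/var/tmp/portage",)

# Matches RPATH / RUNPATH rows of the dynamic section as printed by `readelf -d`.
_DYN_PATH = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")


def insecure_entries(readelf_output, build_dirs=BUILD_DIRS):
    """Return (tag, entry, reason) for each risky library search path entry."""
    findings = []
    for line in readelf_output.splitlines():
        m = _DYN_PATH.search(line)
        if not m:
            continue
        tag, value = m.groups()
        for entry in value.split(":"):
            if entry == "":
                findings.append((tag, entry, "empty entry resolves to the current directory"))
                continue
            if entry.startswith(("$ORIGIN", "${ORIGIN}")):
                continue  # relative to the binary's own location; not judged here
            if not entry.startswith("/"):
                findings.append((tag, entry, "relative path"))
                continue
            # Normalise so "/usr/../var/tmp/portage/x" cannot slip past the prefix test.
            norm = "/" + posixpath.normpath(entry).lstrip("/")
            for d in build_dirs:
                if norm == d or norm.startswith(d + "/"):
                    findings.append((tag, entry, "inside build directory " + d))
    return findings


# Constructed sample of `readelf -d` output; the package directory names are made up.
SAMPLE = """\
Dynamic section at offset 0x2d90 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libldap.so.2]
 0x000000000000001d (RUNPATH)            Library runpath: [/usr/lib:/var/tmp/portage/example-1.0/work/example-1.0/libs/.libs]
"""

if __name__ == "__main__":
    for tag, entry, reason in insecure_entries(SAMPLE):
        print(f"{tag}: {entry!r} ({reason})")
```

To audit installed files, pass the text printed by `readelf -d <file>` for each binary or shared object to `insecure_entries`.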