<title>OpenLDAP: Insecure usage of /tmp during installation</title>
A shell script commonly released with OpenLDAP makes insecure usage of
files in /tmp during the emerge process.
<product type="ebuild">openldap</product>
<announced>January 23, 2007</announced>
<revised>March 11, 2007: 02</revised>
<package name="net-nds/openldap" auto="yes" arch="*">
<unaffected range="ge">2.1.30-r10</unaffected>
<unaffected range="ge">2.2.28-r7</unaffected>
<unaffected range="ge">2.3.30-r2</unaffected>
<vulnerable range="lt">2.1.30-r10</vulnerable>
<vulnerable range="lt">2.2.28-r7</vulnerable>
<vulnerable range="lt">2.3.30-r2</vulnerable>
</package>
OpenLDAP Software is an open source implementation of the Lightweight
Directory Access Protocol.
Tavis Ormandy of the Gentoo Linux Security Team has discovered that the
file distributed with the Gentoo ebuild for OpenLDAP does
not exit upon the existence of a directory in /tmp during installation,
allowing for directory traversal.
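The failure mode described above, a script that carries on when its /tmp path already exists, shown next to two hardened forms. This is an added example, not the script shipped with the ebuild; the function names, the `build.XXXXXX` prefix and the sandbox layout are assumptions, and the scenario is constructed inside a throwaway directory.

```sh
#!/bin/sh
# Added example: not the script shipped with the ebuild. Names are hypothetical.

# Fragile: predictable name, result never checked. `mkdir -p` reports success
# when the path already exists, even as a symlink to some other directory.
unsafe_workdir() {
    mkdir -p "$1" 2>/dev/null
    echo "$1"
}

# Hardened, fixed name: plain mkdir fails with EEXIST for any existing entry
# (symlinks included), so the caller can stop instead of writing through it.
claim_workdir() {
    mkdir -m 700 -- "$1" 2>/dev/null || return 1
    echo "$1"
}

# Hardened, preferred: unpredictable name, created atomically with mode 0700.
private_workdir() {
    mktemp -d "${1:-${TMPDIR:-/tmp}}/build.XXXXXX"
}

# Constructed scenario inside a throwaway sandbox that stands in for /tmp.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/elsewhere"                   # directory the link points at
    ln -s "$sandbox/elsewhere" "$sandbox/work"   # entry planted before the script runs

    d=$(unsafe_workdir "$sandbox/work")
    : > "$d/out.txt"                             # file lands in the link target
    if [ -e "$sandbox/elsewhere/out.txt" ]; then unsafe=followed; else unsafe=contained; fi

    if claim_workdir "$sandbox/work" >/dev/null; then claim=accepted; else claim=refused; fi

    private=failed
    if p=$(private_workdir "$sandbox"); then
        case "$(ls -ld "$p")" in
            drwx------*) [ -L "$p" ] || private=ok ;;
        esac
    fi

    rm -rf "$sandbox"
    echo "unsafe=$unsafe claim=$claim private=$private"
}

demo
```

A caller of `claim_workdir` or `private_workdir` has to test the exit status and abort on failure; capturing the output alone brings back the unchecked behaviour.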
<impact type="low">
A local attacker could create a symbolic link in /tmp and potentially
overwrite arbitrary system files upon a privileged user emerging
</impact>
There is no known workaround at this time.
All OpenLDAP users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;net-nds/openldap&quot;</code>
<uri link="">CVE-2007-0476</uri>
