Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Low: Red Hat Directory Server security and enhancement update

Related Vulnerabilities: CVE-2010-2241   CVE-2010-2241  

Source

Synopsis

Low: Red Hat Directory Server security and enhancement update

Type/Severity

Security Advisory: Low

Topic

Updated Red Hat Directory Server and related packages that fix one security
issue, multiple bugs, and add enhancements are now available as Red Hat
Directory Server 8.2.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Red Hat Directory Server is an LDAPv3-compliant directory server. The
redhat-ds-base package includes the LDAP server and command line utilities
for server administration.

Directory Server setup scripts created cache files, containing passwords
for the Directory and Administration Server administrative accounts, with
weak file permissions. A local user could use this flaw to obtain
authentication credentials for the administrative accounts. (CVE-2010-2241)

This update also adds the following enhancements:

  • Entry USN - The Entry USN Plug-in provides a way for LDAP clients to know
    that something in the database has changed by generating a global update
    sequence number (USN) for every write operation.
  • Linked Attributes - The new Linked Attributes Plug-in uses the DN value
    of a known attribute to trace its way to the referenced entry, and then it
    adds a reciprocal value, pointing back to the first entry.
  • Bitwise Search - This release adds support for bit field values in LDAP
    searches.
  • Dereference Control - This release adds server support for the
    dereference control in LDAP searches. A dereferencing search tracks back
    over cross-references in an entry and returns information about the
    referenced entry.
  • PAM Pass-through Plug-in - The PAM PTA plug-in allows Directory Server to
    leverage a network's existing PAM service to authenticate users.
  • SMD5 Password Storage Scheme - Passwords can now be stored with the
    salted MD5 password hash.
  • Syntax Checking - A new syntax validation plug-in verifies that the value
    given for an attribute in an operation matches the required syntax for that
    attribute.
  • Anonymous Resource Limits - A new server configuration attribute enables
    the Directory Server to apply resource limits to anonymous binds.
  • Anonymous Access Switch - A new server configuration attribute tells the
    Directory Server to disable anonymous binds for added security.
  • Secure Binds Switch - A new server configuration attribute tells the
    Directory Server to require a secure connection of some kind for any simple
    binds.
  • SSF Restrictions - A new server configuration attribute allows
    administrators to set a minimum Security Strength Factor (SSF) for all
    connections to the server, which can require a secure connection.
  • Mixed SASL/TLS Connections - Now, the server can have both SASL and TLS
    configured.
  • Setting Plug-in Load Orders - A new plug-in configuration attribute sets
    the load order preference for the plug-in, anywhere from 1 to 99. This
    effectively sets the load order for plug-ins of the same type.
  • Named Pipe Log Script - A new directory script allows logging data to be
    sent to a named pipe instead of the standard server logs.
  • Simple Paged Results - This release adds server support for results of
    LDAP searches to be broken into pages.
  • New Matching Rule and Attribute Syntaxes - This release adds support for
    several new matching rules and 11 new attribute syntaxes.

These packages also contain many bug fixes for major features in Red Hat
Directory Server, including replication, synchronization, setup and
migration, command line tools, the Java console, and the Administration
Server. Refer to the Red Hat Directory Server 8.2 Release Notes for further
information:

http://www.redhat.com/docs/manuals/dir-server/8.2/rel-notes/html

All Red Hat Directory Server users should upgrade to Red Hat Directory
Server 8.2, which resolves these issues and adds these enhancements.

Solution

Users running Red Hat Directory Server should consult the Red Hat Directory
Server 8.2 Release Notes for installation and upgrade instructions:

http://www.redhat.com/docs/manuals/dir-server/8.2/rel-notes/html

Affected Products

  • Red Hat Directory Server 8 x86_64
  • Red Hat Directory Server 8 i386

Fixes

  • BZ - 608032 - CVE-2010-2241 redhat-ds: setup script insecure .inf file permissions

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started