J-Security Center

Title: OpenLDAP /usr/tmp/ Symlink Vulnerability

Severity: MODERATE

Description:

A vulnerability exists in OpenLDAP as shipped with some versions of Linux, including RedHat 6.1 and 6.2, and TurboLinux 6.0.2 and earlier. OpenLDAP creates files in /usr/tmp, which is actually a symbolic link to the world-writable /tmp directory. Because OpenLDAP does not check for a file's existence before opening files in /usr/tmp, an attacker can point an appropriately named symbolic link at any file on the filesystem and cause it to be destroyed.

This vulnerability also affects any Unix system running OpenLDAP if the following criteria are true:
1) slapd.conf configures the "directory" variable to be /usr/tmp
2) /usr/tmp is a world writable directory.
3) slurpd was built with the DEFAULT_SLURPD_REPLICA_DIR set to /usr/tmp
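
The unchecked open described above, next to a hardened form, as an added example (not OpenLDAP's code and not part of the original advisory). The function names, the file names and the private mkdtemp() directory are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: no existence check, symlinks followed. */
static int open_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL creates atomically and fails with EEXIST if any
 * name, symlink included, already exists; O_NOFOLLOW is defence in depth. */
static int open_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private directory: "target" stands in for a file
 * the daemon may write, "work.tmp" is a symlink to it that already exists.
 * Returns target's size after the chosen open, or -2 if setup failed. */
static long run_case(int use_safe, int *open_errno) {
    char dir[] = "/tmp/symdemoXXXXXX", target[64], planted[64];
    struct stat st;
    if (!mkdtemp(dir)) return -2;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(planted, sizeof planted, "%s/work.tmp", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -2;
    fputs("important data\n", f);            /* 15 bytes */
    fclose(f);
    if (symlink(target, planted) != 0) return -2;

    int fd = use_safe ? open_safe(planted) : open_unsafe(planted);
    *open_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(planted); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    int e_unsafe, e_safe;
    long unsafe = run_case(0, &e_unsafe), safe = run_case(1, &e_safe);
    printf("unsafe open: target is now %ld bytes\n", unsafe);
    printf("safe open:   target is still %ld bytes, errno=%d\n", safe, e_safe);
    return 0;
}
```

Keeping the working directory out of a world-writable location removes the precondition altogether; the exclusive open covers the case where that is not possible.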

Affected Products:

  • MandrakeSoft Linux Mandrake 6.1.0
  • MandrakeSoft Linux Mandrake 7.0.0
  • OpenLDAP OpenLDAP 1.2.10
  • OpenLDAP OpenLDAP 1.2.7
  • OpenLDAP OpenLDAP 1.2.8
  • OpenLDAP OpenLDAP 1.2.9
  • RedHat Linux 6.1.0
  • RedHat Linux 6.1.0 alpha
  • RedHat Linux 6.1.0 i386
  • RedHat Linux 6.1.0 sparc
  • RedHat Linux 6.2.0
  • RedHat Linux 6.2.0 alpha
  • RedHat Linux 6.2.0 i386
  • RedHat Linux 6.2.0 sparc
  • RedHat openldap-1.2.7-2.i386.rpm 0.0.0
  • RedHat openldap-1.2.9-5.i386.rpm 0.0.0
  • Turbolinux Turbolinux 4.2.0
  • Turbolinux Turbolinux 4.4.0
  • Turbolinux Turbolinux 6.0.2
