COMMAND

	openldap setuid .ldaprc buffer overflow

SYSTEMS AFFECTED

	openldap all prior to 1.2.13-2 ?

PROBLEM

	In RedHat security advisory [RHSA-2003:040-07] :
	
	 http://www.redhat.com/solutions/security/news/
	
	--snip--
	
	OpenLDAP is a suite of  LDAP  (Lightweight  Directory  Access  Protocol)
	applications and development tools. LDAP  is  a  set  of  protocols  for
	accessing directory services. In an audit of OpenLDAP by SuSE, a  number
	of potential security issues were found:
	
	When reading configuration files, libldap would read the current  user's
	.ldaprc file even in applications being run with elevated privileges.
	
	Slurpd would overflow an internal buffer if  the  command-line  argument
	used with the -t or -r flags was too long, or if the name of a file  for
	which it attempted to create an advisory lock was too long.
	
	When parsing filters, the getfilter family  of  functions  from  libldap
	could be made to overflow an internal buffer by  supplying  a  carefully
	crafted ldapfilter.conf file.
	
	When processing LDAP entry display templates, libldap could be  made  to
	overflow  an  internal  buffer   by   supplying   a   properly   crafted
	ldaptemplates.conf file.
	
	When parsing an access control list, slapd could be made to overflow  an
	internal buffer.
	
	When constructing the  name  of  the  file  used  for  logging  rejected
	replication requests, slapd would overflow an  internal  buffer  if  the
	size of the generated name was too large,  and  could  be  tricked  into
	destroying the contents of any file owned by the  ldap  user  due  to  a
	race condition in the subsequent creation of the log file.
	
	Red Hat Linux users who use LDAP are  advised  to  install  the  updated
	openldap packages which are not vulnerable to these issues.
	
	--snap--

SOLUTION

	openldap-1.2.13-2 available