--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2002-33
http://www/turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Pam_ldap
Root authority capture by unauthorized user
Release date : 2002-06-17
Solution: package : pam_ldap-148-1
Problematical point
There is a possibility of root authority being captured by unauthorized user.
Solution:
Please verify version and execute the command below.
# rpm -qa | grep package name
When problem corresponds, please download the update package. Do the update by the using the command below.
Furthermore, please execute the package number which corresponds to your version number. Without starting a new paragraph, please enter the "\ " Bunchu sign.
Execution example
---------------------------------------------------------------------
# rpm -Fvh Package-1.0.0-1.i586.rpm \
Package-doc-1.0.0-1.i586.rpm \
Package-devel-1.0.0-1.i586.rpm
The case where rpm command is executed, please enter as follows on the command line.
# rpm -Fvh package-1.0.0-1.i586.rpm package-doc-1.0.0-1.i586.rpm package-devel-1.0.0-1.i586.rpm
---------------------------------------------------------------------
< Turbolinux 8 Workstation >
< Turbolinux 7 Server >
< Turbolinux 7 Workstation >
# rpm -Fvh pam_ldap-148-1.i586.rpm
< Turbolinux Server 6.0 >
# rpm -e am-utils
# rpm -Uvh autofs-3.1.6-1.i386.rpm \
ldconfig-1.9.5-18.i386.rpm
# rpm -Uvh rpm-3.0.6-17.i386.rpm \
popt-1.5-17.i386.rpm \
bzip2-0.9.5d-3.i386.rpm \
cyrus-sasl-1.5.24-15.i386.rpm \
cyrus-sasl-devel-1.5.24-15.i386.rpm
# rpm -Fvh pam-0.74-4.i386.rpm \
cracklib-2.7-7.i386.rpm \
cracklib-dicts-2.7-7.i386.rpm \
openldap-2.0.23-1.i386.rpm \
openldap-devel-2.0.23-1.i386.rpm \
openldap-libs-2.0.23-1.i386.rpm \
openldap-servers-2.0.23-1.i386.rpm \
nss_ldap-116-2.i386.rpm \
libtool-1.3.5-3.i386.rpm \
pam_ldap-148-1.i386.rpm
Package updates:
http://www.turbolinux.co.jp/update/