Security update for novell-lum

(Last modified: 13SEP2006)


SuSE Linux Maintenance Web (0eb7250eee3dea00b90e32a72fc0b6f4)

Applies to

Package: novell-lum
Product(s): SUSE SLED 10 for x86
            SUSE SLED 10 for AMD64 and Intel EM64T
Patch: patch-11207
Release: 20060913
Obsoletes: none

Indications

Everyone using novell-lum should install this update.

Contraindications

None.

Problem description

Various security problems have been found in novell-lum:
  • Several buffer overflows. (CVE-2006-2622)
  • The SSL certificate handling is vulnerable to a man-in-the-middle attack. (CVE-2006-2623)
  • A possible format string bug in a PAM function. (CVE-2006-2624)
  • Poisoning credential cache can lead to local privilege escalation. (CVE-2006-2625)
Additionally, a couple of bugs have been found:
  • Overwriting user's surname with cn.
  • Redundant calls to LDAP.
  • An issue with returning a partial list for group members if the buffer size passed to LUM is too small.
  • Issues related to an uninitialized variable when LUM runs from the cache and then needs to go to LDAP to get data.
  • Potential segmentation fault under heavy load.
  • The intruder count could be incremented by four on one incorrect login attempt.
  • Users are not case sensitive when not using cache only mode.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh novell-lum.rpm

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.