Security update for novell-lum
(Last modified: 13SEP2006)
SuSE Linux Maintenance Web (0eb7250eee3dea00b90e32a72fc0b6f4)
Product(s): SUSE SLED 10 for x86
SUSE SLED 10 for AMD64 and Intel EM64T
Patch: patch-11207
Release: 20060913
Obsoletes: none
novell-lum:
- Several buffer overflows. (CVE-2006-2622)
- The SSL certificate handling is vulnerable to a man-in-the-middle attack. (CVE-2006-2623)
- A possible format string bug in a PAM function. (CVE-2006-2624)
- Poisoning credential cache can lead to local privilege escalation. (CVE-2006-2625)
- Overwriting user's surname with cn
- Redundant calls to LDAP.
- An issue with returning a partial list for group members if the buffer size passed to LUM is too small.
- Issues related to an uninitialized variable when LUM runs from the cache and then needs to go to LDAP to get data.
- Potential segmentation fault under heavy load.
- The intruder count could be incremented by four on one incorrect login attempt.
- Users are not case sensitive when not using cache only mode.
rpm -Fvh novell-lum.rpm
Disclaimer
The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.