Rapid7 Vulnerability & Exploit Database

RHSA-2010:0590: Red Hat Directory Server security and enhancement update

Back to Search

RHSA-2010:0590: Red Hat Directory Server security and enhancement update



Updated Red Hat Directory Server and related packages that fix one security issue, multiple bugs, and add enhancements are now available as Red Hat Directory Server 8.2. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Red Hat Directory Server is an LDAPv3-compliant directory server. The redhat-ds-base package includes the LDAP server and command line utilities for server administration. Directory Server setup scripts created cache files, containing passwords for the Directory and Administration Server administrative accounts, with weak file permissions. A local user could use this flaw to obtain authentication credentials for the administrative accounts. (CVE-2010-2241) This update also adds the following enhancements: * Entry USN - The Entry USN Plug-in provides a way for LDAP clients to know that something in the database has changed by generating a global update sequence number (USN) for every write operation. * Linked Attributes - The new Linked Attributes Plug-in uses the DN value of a known attribute to trace its way to the referenced entry, and then it adds a reciprocal value, pointing back to the first entry. * Bitwise Search - This release adds support for bit field values in LDAP searches. * Dereference Control - This release adds server support for the dereference control in LDAP searches. A dereferencing search tracks back over cross-references in an entry and returns information about the referenced entry. * PAM Pass-through Plug-in - The PAM PTA plug-in allows Directory Server to leverage a network's existing PAM service to authenticate users. * SMD5 Password Storage Scheme - Passwords can now be stored with the salted MD5 password hash. * Syntax Checking - A new syntax validation plug-in verifies that the value given for an attribute in an operation matches the required syntax for that attribute. * Anonymous Resource Limits - A new server configuration attribute enables the Directory Server to apply resource limits to anonymous binds. * Anonymous Access Switch - A new server configuration attribute tells the Directory Server to disable anonymous binds for added security. * Secure Binds Switch - A new server configuration attribute tells the Directory Server to require a secure connection of some kind for any simple binds. * SSF Restrictions - A new server configuration attribute allows administrators to set a minimum Security Strength Factor (SSF) for all connections to the server, which can require a secure connection. * Mixed SASL/TLS Connections - Now, the server can have both SASL and TLS configured. * Setting Plug-in Load Orders - A new plug-in configuration attribute sets the load order preference for the plug-in, anywhere from 1 to 99. This effectively sets the load order for plug-ins of the same type. * Named Pipe Log Script - A new directory script allows logging data to be sent to a named pipe instead of the standard server logs. * Simple Paged Results - This release adds server support for results of LDAP searches to be broken into pages. * New Matching Rule and Attribute Syntaxes - This release adds support for several new matching rules and 11 new attribute syntaxes. These packages also contain many bug fixes for major features in Red Hat Directory Server, including replication, synchronization, setup and migration, command line tools, the Java console, and the Administration Server. Refer to the Red Hat Directory Server 8.2 Release Notes for further information: http://www.redhat.com/docs/manuals/dir-server/8.2/rel-notes/html All Red Hat Directory Server users should upgrade to Red Hat Directory Server 8.2, which resolves these issues and adds these enhancements.


  • redhat-upgrade-idm-console-framework
  • redhat-upgrade-jss
  • redhat-upgrade-redhat-admin-console
  • redhat-upgrade-redhat-ds
  • redhat-upgrade-redhat-ds-admin
  • redhat-upgrade-redhat-ds-base
  • redhat-upgrade-redhat-ds-base-devel
  • redhat-upgrade-redhat-ds-console
  • redhat-upgrade-redhat-idm-console

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center