[Bug 632051] Re: slapd dist-upgrade chown: invalid argument: `'

2010-09-07 Thread mike Bernson
This is a security problem because it stops a package which has security
problems from being updated.

Package: slapd (2.4.15-1ubuntu3.1) [security]

from package changelog:

openldap (2.4.15-1ubuntu3.1) jaunty-security; urgency=low

  * SECURITY UPDATE: null ptr deref, free uninitialized data in modrdn calls
    - openldap-2.4.22-CVE-2010-0211-modrdn_check_error.patch:
      - check return for errors and clean up uninitialized data
    - openldap-2.4.22-CVE-2010-0212-modrdn_null_deref.patch:
      - return error on 0-length or binary RDNs
    - CVE-2010-0211, CVE-2010-0212

 -- Steve Beattie sbeat...@ubuntu.com  Wed, 28 Jul 2010 23:28:31 -0700


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0211

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0212

-- 
slapd dist-upgrade chown: invalid argument: `'
https://bugs.launchpad.net/bugs/632051
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 632051] Re: slapd dist-upgrade chown: invalid argument: `'

2010-09-07 Thread mike Bernson
ba...@work-isp:~$ sudo sh -c ls -l /etc/ldap/slapd.d/cn=config/olcDatabase*
ls: cannot access /etc/ldap/slapd.d/cn=config/olcDatabase*: No such file or directory

ba...@work-isp:~$ sudo sh -c grep olcSuffix: /etc/ldap/slapd.d/cn=config/olcDatabase*
grep: /etc/ldap/slapd.d/cn=config/olcDatabase*: No such file or directory

ba...@work-isp:~$ sudo sh -c grep olcDbDirectory: /etc/ldap/slapd.d/cn=config/olcDatabase*
grep: /etc/ldap/slapd.d/cn=config/olcDatabase*: No such file or directory

ba...@work-isp:~$ ls /etc/ldap
data  ldap.conf  ldap.doc  sasl2  schema  slapd.conf


ba...@work-isp:~$ ls -R /etc/ldap
/etc/ldap:
data  ldap.conf  ldap.doc  sasl2  schema  slapd.conf

/etc/ldap/data:
aa data.ldif.try1  data.ldif.try3  intervivaz.ldif
data.ldif  data.ldif.try2  data.ldif.try4  reload

/etc/ldap/sasl2:

/etc/ldap/schema:
amavis.schema core.schema inetorgperson.schema  nis.schema
authldap.schema   cosine.ldif java.schema   openldap.ldif
authldap.schema.orig  cosine.schema   misc.ldif openldap.schema
collective.schema duaconf.schema  misc.schema   pmi.schema
corba.schema  dyngroup.schema nadf.schema   ppolicy.schema
core.ldif inetorgperson.ldif  nis.ldif  README


ldap.conf:
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT  12
#TIMELIMIT  15
#DEREF  never

slapd.conf:
include /etc/ldap/schema/core.schema
##include /etc/ldap/schema/collective.schema
##include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
##include /etc/ldap/schema/duaconf.schema
##include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
##include /etc/ldap/schema/java.schema
#include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
##include /etc/ldap/schema/openldap.schema
##include /etc/ldap/schema/ppolicy.schema
##include /etc/ldap/schema/pmi.schema
#include /usr/local/etc/ldap/samba.schema
#include /usr/local/etc/ldap/sq_prefs.schema
#include /usr/local/etc/ldap/squirrelmail.schema.OpenLDAP-2.1.x
include /etc/ldap/schema/authldap.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile    /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
#loglevel none
#loglevel filter stats
loglevel stats
#loglevel 32767

# Where the dynamically loaded modules are stored
modulepath  /usr/lib/ldap
moduleload  back_hdb
moduleload  syncprov

# The maximum number of entries that is returned for a search operation
sizelimit 5000

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

# specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
database    hdb
suffix  dc=domain
rootdn  cn=admin,dc=domain
rootpw  {SSHA}some text for a password
directory   /var/lib/ldap

#add to indexes to the below list
#/etc/init.d/slapd stop
#slapindex -f /etc/ldap/slapd.conf
#cd /var/lib/ldap; chown openldap:openldap *
#/etc/init.d/slapd start

index   objectClass,mail,mailbox,associatedDomain eq
index   uid eq
index   uidNumber eq
index   gidNumber eq

dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
lastmod on

# 1) user confirm this is their record
# 2) pam to validate a password for this dn
# 3) pam to change a password for this dn
#we do a start - end match so this is for xxx.ltcd.com style
access to dn.regex=^uid=([^,]+),ou=people,dc=([^,]+),dc=([^,]+).dc=([^,]+),dc=domain$
    attrs=userPassword,shadowLastChange
    by anonymous auth
    by dn.exact=cn=dovecot,dc=global,dc=domain read
    by dn.exact,expand=cn=admin,dc=$2,dc=$3,dc=$4,dc=domain write
    by self write
    by * none

#this is start - end need for those .com style
access to dn.regex=^uid=([^,]+),ou=people,dc=([^,]+),dc=([^,]+),dc=domain$
    attrs=userPassword,shadowLastChange
    by anonymous auth
    by dn.exact=cn=dovecot,dc=global,dc=domain read
    by dn.exact,expand=cn=admin,dc=$2,dc=$3,dc=$4,dc=domain write
    by self write
    by * none

#this is start - end need for those .com style
access to dn.regex=^uid=([^,]+),ou=people,dc=([^,]+),dc=([^,]+),dc=domain$
    attrs=userPassword,shadowLastChange
    by anonymous auth
    by dn.exact=cn=dovecot,dc=global,dc=domain read
    by dn.exact,expand=cn=admin,dc=$2,dc=$3,dc=domain write
    by self write
    by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms.  Without 

[Bug 632051] Re: slapd dist-upgrade chown: invalid argument: `'

2010-09-07 Thread mike Bernson
changing suffix dc=domain to suffix dc=domain fixed the problem.

Not sure why nothing in ldap/slapd thinks this is a problem, but things look
to be working.



[Bug 632051] [NEW] slapd dist-upgrade chown: invalid argument: `'

2010-09-06 Thread mike Bernson
*** This bug is a security vulnerability ***

Public security bug reported:

When doing an apt-get dist-upgrade going from slapd_2.4.15-1ubuntu3_amd64.deb
to slapd_2.4.15-1ubuntu3.1_amd64.deb
I get the following output:
ba...@work-isp:/tmp$ sudo apt-get dist-upgrade
[sudo] password for batch: 
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]? y
Setting up slapd (2.4.15-1ubuntu3.1) ...
  Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.4.15-1ubuntu3... done.
chown: invalid argument: `'
dpkg: error processing slapd (--configure):
 subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
 slapd
E: Sub-process /usr/bin/dpkg returned an error code (1)

output of lsb_release -rd:
ba...@work-isp:/tmp$ lsb_release -rd
Description:    Ubuntu 9.04
Release:        9.04

output of apt-cache policy slapd:
ba...@work-isp:/tmp$ apt-cache policy slapd
slapd:
  Installed: 2.4.15-1ubuntu3.1
  Candidate: 2.4.15-1ubuntu3.1
  Version table:
 *** 2.4.15-1ubuntu3.1 0
        500 http://us.archive.ubuntu.com jaunty-updates/main Packages
        500 http://security.ubuntu.com jaunty-security/main Packages
        100 /var/lib/dpkg/status
     2.4.15-1ubuntu3 0
        500 http://us.archive.ubuntu.com jaunty/main Packages

I expect the package to install without error.

The package did not install correctly and leaves the system with
1 not fully installed or removed

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New

** Visibility changed to: Public
