Mandrake Linux Security Advisory : nss_ldap (MDKSA-2005:121)
Medium Nessus Plugin ID 19226
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionRob Holland, of the Gentoo Security Audit Team, discovered that pam_ldap and nss_ldap would not use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the 'ssl start_tls' setting in ldap.conf.
As well, a bug in nss_ldap in Corporate Server and Mandrake 10.0 has been fixed that caused crond, and other applications, to crash as a result of clients receiving a SIGPIPE signal when attempting to issue a new search request to a directory server that is no longer available.
The updated packages have been patched to address this issue.
SolutionUpdate the affected nss_ldap and / or pam_ldap packages.