Vulnerability Note VU#778916
pam_ldap authentication bypass vulnerability
Overview
An error in the pam_ldap password policy control may allow a remote attacker to gain access to a system.
I. Description
pam_ldap provides LDAP authentication services for UNIX-based systems. A vulnerability in pam_ldap may allow a remote attacker to bypass the authentication mechanism. If a pam_ldap client attempts to authenticate against an LDAP server that omits the optional error value from the PasswordPolicyResponseValue, the authentication attempt will always succeed.
Note that this vulnerability affects all versions of pam_ldap since version pam_ldap-169. However, if the underlying LDAP client library does not support LDAP version 3 controls, then this vulnerability is not present.
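The following is an added example, not pam_ldap's own code. It decodes a PasswordPolicyResponseValue control as laid out in draft-behera-ldap-password-policy and contrasts a hypothetical client that derives the outcome from the control (the behaviour the note describes: no error field, so the bind is accepted) with one that treats the LDAP bind result code as authoritative. Control bytes and the function names are constructed for the example.

```python
# Added example, not pam_ldap code. Models the behaviour described in the note:
# a client that derives the outcome from the PasswordPolicyResponseValue control
# (draft-behera-ldap-password-policy) accepts any bind whose control lacks 'error'.
LDAP_SUCCESS, LDAP_INVALID_CREDENTIALS = 0, 49

def _tlv(buf, pos):
    """Decode one short-form BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form lengths not handled in this example")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated control value")
    return tag, buf[pos + 2:end], end

def parse_ppolicy_response(value):
    """PasswordPolicyResponseValue ::= SEQUENCE {
         warning [0] CHOICE { timeBeforeExpiration [0] INTEGER,
                              graceAuthNsRemaining [1] INTEGER } OPTIONAL,
         error   [1] ENUMERATED { passwordExpired(0), accountLocked(1), ... } OPTIONAL }
    Returns {'warning': (name, n) or None, 'error': int or None}."""
    tag, body, _ = _tlv(value, 0)
    if tag != 0x30:
        raise ValueError("PasswordPolicyResponseValue must be a SEQUENCE")
    out, pos = {"warning": None, "error": None}, 0
    while pos < len(body):
        tag, field, pos = _tlv(body, pos)
        if tag == 0xA0:   # [0] on a CHOICE is explicit, so it is constructed
            wtag, wval, _ = _tlv(field, 0)
            name = {0x80: "timeBeforeExpiration", 0x81: "graceAuthNsRemaining"}[wtag]
            out["warning"] = (name, int.from_bytes(wval, "big"))
        elif tag == 0x81:  # [1] IMPLICIT ENUMERATED, primitive
            out["error"] = int.from_bytes(field, "big")
        else:
            raise ValueError("unexpected tag 0x%02x" % tag)
    return out

def authenticate_vulnerable(bind_rc, control):
    """Flawed pattern (hypothetical): the policy control, not the bind result,
    decides; an absent 'error' field is read as 'authentication succeeded'."""
    policy = parse_ppolicy_response(control) if control else {"error": None}
    return policy["error"] is None

def authenticate_fixed(bind_rc, control):
    """The bind result code is authoritative. The control only supplies a policy
    reason for the caller (e.g. to map accountLocked to a PAM error); it can
    never turn a failed bind into a success. Returns (accepted, policy_error)."""
    policy = parse_ppolicy_response(control) if control else {"error": None}
    return bind_rc == LDAP_SUCCESS, policy["error"]
```

A control carrying only a graceAuthNsRemaining warning makes the flawed client accept an invalidCredentials bind, while the fixed client rejects it and still surfaces any policy error on a successful bind.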
II. Impact
An unauthenticated, remote attacker may be able to bypass the pam_ldap authentication mechanism and gain access to a system, possibly with elevated privileges.
III. Solution
Upgrade pam_ldap
This vulnerability was corrected in pam_ldap-180.
Systems Affected
| Vendor | Status | Date Updated |
|---|---|---|
| Apple Computer, Inc. | Not Vulnerable | 10-Oct-2005 |
| Computer Associates | Unknown | 19-Aug-2005 |
| Debian Linux | Vulnerable | 25-Aug-2005 |
| Engarde Secure Linux | Unknown | 19-Aug-2005 |
| Hewlett-Packard Company | Not Vulnerable | 31-Aug-2005 |
| Hitachi | Not Vulnerable | 15-Sep-2005 |
| IBM Corporation | Unknown | 19-Aug-2005 |
| IBM Corporation (zseries) | Unknown | 19-Aug-2005 |
| IBM eServer | Unknown | 19-Aug-2005 |
| Immunix Communications, Inc. | Unknown | 19-Aug-2005 |
| Ingrian Networks, Inc. | Unknown | 19-Aug-2005 |
| Lotus Software | Unknown | 19-Aug-2005 |
| Mandriva, Inc. | Unknown | 19-Aug-2005 |
| Mandriva, Inc. | Unknown | 19-Aug-2005 |
| Microsoft Corporation | Not Vulnerable | 28-Sep-2005 |
| Mirapoint, Inc. | Unknown | 19-Aug-2005 |
| MontaVista Software, Inc. | Unknown | 19-Aug-2005 |
| Netscape Communications Corporation | Unknown | 19-Aug-2005 |
| Novell, Inc. | Unknown | 19-Aug-2005 |
| OctetString, Inc. | Unknown | 19-Aug-2005 |
| OpenLDAP | Unknown | 19-Aug-2005 |
| Openwall GNU/*/Linux | Not Vulnerable | 6-Sep-2005 |
| Oracle Corporation | Not Vulnerable | 6-Sep-2005 |
| PADL | Vulnerable | 25-Aug-2005 |
| QUALCOMM Incorporated | Unknown | 19-Aug-2005 |
| Red Hat, Inc. | Vulnerable | 2-Nov-2005 |
| Sequent Computer Systems, Inc. | Unknown | 19-Aug-2005 |
| Sun Microsystems, Inc. | Not Vulnerable | 2-Sep-2005 |
| SUSE Linux | Not Vulnerable | 22-Aug-2005 |
| The SCO Group (SCO Linux) | Unknown | 19-Aug-2005 |
| The Teamware Group | Unknown | 19-Aug-2005 |
| Turbolinux | Unknown | 19-Aug-2005 |
References
http://www.padl.com/OSS/pam_ldap.html
http://secunia.com/advisories/16518/
Credit
This vulnerability was reported by Luke Howard of PADL.
This document was written by Jeff Gennari.
Other Information
| Date Public | 08/24/2005 |
| Date First Published | 08/24/2005 01:07:56 PM |
| Date Last Updated | 11/02/2005 |
| CERT Advisory | |
| CVE-ID(s) | CAN-2005-2641 |
| NVD-ID(s) | CAN-2005-2641 |
| US-CERT Technical Alerts | |
| Metric | 8.15 |
| Document Revision | 54 |
If you have feedback, comments, or additional information about this vulnerability, please send us email.