Vulnerability Note VU#778916

pam_ldap authentication bypass vulnerability

Original Release date: 24 Aug 2005 | Last revised: 02 Nov 2005

Overview

An error in the pam_ldap password policy control may allow a remote attacker to gain access to a system.

Description

pam_ldap provides LDAP authentication services for UNIX-based systems. A vulnerability in pam_ldap may allow a remote attacker to bypass the authentication mechanism. If a pam_ldap client attempts to authenticate against an LDAP server that omits the optional error value from the PasswordPolicyResponseValue, the authentication attempt will always succeed.

Note that this vulnerability affects all versions of pam_ldap since version pam_ldap-169. However, if the underlying LDAP client library does not support LDAP version 3 controls, then this vulnerability is not present.

Impact

An unauthenticated, remote attacker may be able to bypass the pam_ldap authentication mechanism and gain access to a system, possibly with elevated privileges.

Solution

Upgrade pam_ldap

This vulnerability was corrected in pam_ldap-180.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Debian LinuxAffected19 Aug 200525 Aug 2005
PADLAffected16 Aug 200525 Aug 2005
Red Hat, Inc.Affected19 Aug 200502 Nov 2005
Apple Computer, Inc.Not Affected19 Aug 200510 Oct 2005
Hewlett-Packard CompanyNot Affected19 Aug 200531 Aug 2005
HitachiNot Affected-15 Sep 2005
Microsoft CorporationNot Affected19 Aug 200528 Sep 2005
Openwall GNU/*/LinuxNot Affected19 Aug 200506 Sep 2005
Oracle CorporationNot Affected19 Aug 200506 Sep 2005
Sun Microsystems, Inc.Not Affected19 Aug 200502 Sep 2005
SUSE LinuxNot Affected19 Aug 200522 Aug 2005
Computer AssociatesUnknown19 Aug 200519 Aug 2005
Engarde Secure LinuxUnknown19 Aug 200519 Aug 2005
IBM CorporationUnknown19 Aug 200519 Aug 2005
IBM Corporation (zseries)Unknown19 Aug 200519 Aug 2005
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by Luke Howard of PADL.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CAN-2005-2641
  • Date Public: 24 Aug 2005
  • Date First Published: 24 Aug 2005
  • Date Last Updated: 02 Nov 2005
  • Severity Metric: 8.15
  • Document Revision: 54

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.