Vulnerability Note VU#778916
pam_ldap authentication bypass vulnerability
Overview
An error in the pam_ldap password policy control may allow a remote attacker to gain access to a system.
Description
pam_ldap provides LDAP authentication services for UNIX-based systems. A vulnerability in pam_ldap may allow a remote attacker to bypass the authentication mechanism. If a pam_ldap client attempts to authenticate against an LDAP server that omits the optional error value from the PasswordPolicyResponseValue, the authentication attempt will always succeed. Note that this vulnerability affects all versions of pam_ldap since version pam_ldap-169. However, if the underlying LDAP client library does not support LDAP version 3 controls, then this vulnerability is not present.
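The following Python is an added illustration, not code from this note or from pam_ldap itself. It models the decision logic the description refers to: a small BER decoder for the PasswordPolicyResponseValue (structure taken from the LDAP password-policy Internet-Draft, draft-behera-ldap-password-policy: a SEQUENCE with an optional warning [0] and an optional error [1] ENUMERATED), a simplified `vulnerable_outcome` function that reproduces the described failure mode by letting the control's error field alone decide the result, and a `hardened_outcome` function in which the bind result code stays authoritative and the control can only refine a failure. The control byte strings and the mapping of policy errors to PAM-style return names are constructed for this example and are not pam_ldap's own code or constants.

```python
"""Model of the pam_ldap ppolicy decision flaw (illustrative, not pam_ldap code).

Assumed structure (LDAP password-policy Internet-Draft):
    PasswordPolicyResponseValue ::= SEQUENCE {
        warning [0] CHOICE { timeBeforeExpiration [0] INTEGER,
                             graceAuthNsRemaining [1] INTEGER } OPTIONAL,
        error   [1] ENUMERATED OPTIONAL }
"""
from dataclasses import dataclass
from typing import Optional, Tuple

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49  # LDAP result code for a failed simple bind

# Example's own mapping of ppolicy error values to PAM-style outcome names.
PAM_FOR_PPOLICY_ERROR = {
    0: "PAM_NEW_AUTHTOK_REQD",  # passwordExpired
    1: "PAM_AUTH_ERR",          # accountLocked
    2: "PAM_NEW_AUTHTOK_REQD",  # changeAfterReset
}


@dataclass
class PPolicyResponse:
    warning: Optional[Tuple[str, int]]
    error: Optional[int]


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one BER tag/length/value with short-form length (enough for ppolicy)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not supported by this example")
    start, end = pos + 2, pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[start:end], end


def parse_ppolicy_response(value: bytes) -> PPolicyResponse:
    """Decode a PasswordPolicyResponseValue; both fields are optional."""
    tag, body, end = _read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("expected a single SEQUENCE")
    warning, error, pos = None, None, 0
    while pos < len(body):
        t, v, pos = _read_tlv(body, pos)
        if t == 0xA0:  # warning [0], constructed CHOICE
            wt, wv, wend = _read_tlv(v, 0)
            name = {0x80: "timeBeforeExpiration", 0x81: "graceAuthNsRemaining"}.get(wt)
            if name is None or wend != len(v):
                raise ValueError("malformed warning")
            warning = (name, int.from_bytes(wv, "big"))
        elif t == 0x81:  # error [1], primitive ENUMERATED
            error = int.from_bytes(v, "big")
        else:
            raise ValueError("unexpected element in PasswordPolicyResponseValue")
    return PPolicyResponse(warning, error)


def vulnerable_outcome(bind_result: int, control_value: Optional[bytes]) -> str:
    """Simplified model of the flaw: once a ppolicy response control is present,
    only its optional error field decides the outcome, so a control with no
    error field yields success even though the bind itself failed."""
    if control_value is None:  # no LDAPv3 control: bind result is used as-is
        return "PAM_SUCCESS" if bind_result == LDAP_SUCCESS else "PAM_AUTH_ERR"
    resp = parse_ppolicy_response(control_value)
    if resp.error is None:
        return "PAM_SUCCESS"
    return PAM_FOR_PPOLICY_ERROR.get(resp.error, "PAM_AUTH_ERR")


def hardened_outcome(bind_result: int, control_value: Optional[bytes]) -> str:
    """Bind result code is authoritative; the control may only make a failure
    more specific, and an undecodable control fails closed."""
    outcome = "PAM_SUCCESS" if bind_result == LDAP_SUCCESS else "PAM_AUTH_ERR"
    if control_value is None:
        return outcome
    try:
        resp = parse_ppolicy_response(control_value)
    except ValueError:
        return "PAM_AUTH_ERR"
    if resp.error is not None:
        return PAM_FOR_PPOLICY_ERROR.get(resp.error, "PAM_AUTH_ERR")
    return outcome


# Constructed sample control values (not captured traffic).
EMPTY_CONTROL = bytes.fromhex("3000")          # SEQUENCE with neither field
LOCKED_CONTROL = bytes.fromhex("3003810101")   # error = accountLocked(1)
GRACE_CONTROL = bytes.fromhex("3005A003810102")  # warning: 2 grace binds left

if __name__ == "__main__":
    # A failed bind plus a control that omits the error value: the two models differ.
    print("vulnerable:", vulnerable_outcome(LDAP_INVALID_CREDENTIALS, EMPTY_CONTROL))
    print("hardened:  ", hardened_outcome(LDAP_INVALID_CREDENTIALS, EMPTY_CONTROL))
```

The contrast to check is a bind that returns invalidCredentials together with a control whose error field is absent: the vulnerable model reports success, the hardened model reports a failure. With no control at all, both models defer to the bind result, which matches the note's remark that client libraries without LDAPv3 control support are not affected.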
Impact
An unauthenticated, remote attacker may be able to bypass the pam_ldap authentication mechanism and gain access to a system, possibly with elevated privileges.
Solution
Upgrade pam_ldap. This vulnerability was corrected in pam_ldap-180.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian Linux | Affected | 19 Aug 2005 | 25 Aug 2005 |
| PADL | Affected | 16 Aug 2005 | 25 Aug 2005 |
| Red Hat, Inc. | Affected | 19 Aug 2005 | 02 Nov 2005 |
| Apple Computer, Inc. | Not Affected | 19 Aug 2005 | 10 Oct 2005 |
| Hewlett-Packard Company | Not Affected | 19 Aug 2005 | 31 Aug 2005 |
| Hitachi | Not Affected | - | 15 Sep 2005 |
| Microsoft Corporation | Not Affected | 19 Aug 2005 | 28 Sep 2005 |
| Openwall GNU/*/Linux | Not Affected | 19 Aug 2005 | 06 Sep 2005 |
| Oracle Corporation | Not Affected | 19 Aug 2005 | 06 Sep 2005 |
| Sun Microsystems, Inc. | Not Affected | 19 Aug 2005 | 02 Sep 2005 |
| SUSE Linux | Not Affected | 19 Aug 2005 | 22 Aug 2005 |
| Computer Associates | Unknown | 19 Aug 2005 | 19 Aug 2005 |
| Engarde Secure Linux | Unknown | 19 Aug 2005 | 19 Aug 2005 |
| IBM Corporation | Unknown | 19 Aug 2005 | 19 Aug 2005 |
| IBM Corporation (zseries) | Unknown | 19 Aug 2005 | 19 Aug 2005 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
Credit
This vulnerability was reported by Luke Howard of PADL.
This document was written by Jeff Gennari.
Other Information
- CVE IDs: CAN-2005-2641
- Date Public: 24 Aug 2005
- Date First Published: 24 Aug 2005
- Date Last Updated: 02 Nov 2005
- Severity Metric: 8.15
- Document Revision: 54