An error in the pam_ldap password policy control may allow a remote attacker to gain access to a system.
pam_ldap provides LDAP authentication services for UNIX-based systems. A vulnerability in pam_ldap may allow a remote attacker to bypass the authentication mechanism. If a pam_ldap client attempts to authenticate against an LDAP server that omits the optional error value from the PasswordPolicyResponseValue, the authentication attempt will always succeed.
Note that this vulnerability affects all versions of pam_ldap since version pam_ldap-169. However, if the underlying LDAP client library does not support LDAP version 3 controls, then this vulnerability is not present.
An unauthenticated, remote attacker may be able to bypass the pam_ldap authentication mechanism and gain access to a system, possibly with elevated privileges.
This vulnerability was corrected in pam_ldap-180.
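The failure mode described above, as an added illustration that is not pam_ldap's own code: a hypothetical reconstruction of the logic pattern in which the verdict is taken from the PasswordPolicyResponseValue error field alone, beside a corrected pattern in which the bind result stays authoritative. The outcome codes and helper names are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>

/* LDAP result codes (values as in RFC 4511). */
#define LDAP_SUCCESS             0
#define LDAP_INVALID_CREDENTIALS 49

/* Password-policy error values from the ppolicy draft; only the two used
 * here are named. */
#define PP_PASSWORD_EXPIRED 0
#define PP_ACCOUNT_LOCKED   1

/* Simplified PasswordPolicyResponseValue: the error member is OPTIONAL in
 * the draft, so a server may send the control with no error at all. */
typedef struct {
    bool has_error;
    int  error;
} ppolicy_response;

/* Constructed outcome codes for this example (not PAM's real constants). */
enum { AUTH_OK = 0, AUTH_DENIED = 1, AUTH_EXPIRED = 2, AUTH_LOCKED = 3 };

static int map_ppolicy_error(int err)
{
    switch (err) {
    case PP_PASSWORD_EXPIRED: return AUTH_EXPIRED;
    case PP_ACCOUNT_LOCKED:   return AUTH_LOCKED;
    default:                  return AUTH_DENIED;
    }
}

/* Flawed pattern (hypothetical): once a ppolicy control is present, the
 * verdict comes from its error field only, so a control without an error
 * field yields AUTH_OK even when the bind itself failed. */
int evaluate_vulnerable(int bind_rc, const ppolicy_response *ppr)
{
    if (ppr != NULL)
        return ppr->has_error ? map_ppolicy_error(ppr->error) : AUTH_OK;
    return bind_rc == LDAP_SUCCESS ? AUTH_OK : AUTH_DENIED;
}

/* Corrected pattern: an explicit policy error refines the reason, but an
 * absent error field falls back to the bind result, never to success. */
int evaluate_fixed(int bind_rc, const ppolicy_response *ppr)
{
    if (ppr != NULL && ppr->has_error)
        return map_ppolicy_error(ppr->error);
    return bind_rc == LDAP_SUCCESS ? AUTH_OK : AUTH_DENIED;
}
```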
Red Hat, Inc.
Apple Computer, Inc.
Sun Microsystems, Inc.
Engarde Secure Linux
IBM Corporation (zseries)
Immunix Communications, Inc.
Ingrian Networks, Inc.
MontaVista Software, Inc.
Netscape Communications Corporation
Sequent Computer Systems, Inc.
The SCO Group (SCO Linux)
The Teamware Group
This vulnerability was reported by Luke Howard of PADL.
Date First Published: 2005-08-24
Date Last Updated: 2005-11-02 17:47 UTC