pam_ldap Password Policy Control Error Lets Remote Users Bypass Authentication
SecurityTracker Alert ID: 1014788
SecurityTracker URL: http://securitytracker.com/id?1014788
CVE Reference: CAN-2005-2641
Date: Aug 25 2005
Impact: Host/resource access via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 169 - 180
Description: A vulnerability was reported in pam_ldap. A remote user may be able to gain access to a system that uses pam_ldap.
The pam_ldap password policy control handling contains a flaw that may allow a remote user to bypass authentication. A remote user can
attempt to authenticate against an LDAP server that omits the optional error value from the PasswordPolicyResponseValue and successfully
authenticate, regardless of the supplied credentials.
Versions of pam_ldap since version pam_ldap-169 are affected. If the underlying LDAP client library does not support LDAP version 3
controls, then the system is not affected.
The vendor and US-CERT reported this vulnerability.
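The following is an added example, not code from pam_ldap or from the advisory. It decodes a PasswordPolicyResponseValue as defined in draft-behera-ldap-password-policy (SEQUENCE of an optional [0] warning CHOICE and an optional [1] error ENUMERATED, short-form BER lengths only) and contrasts a simplified model of the flawed decision, where a present control with no error field is read as success, with the corrected one, where the bind result stays authoritative. The function names, the "allow"/"deny" return values and the sample control bytes are all constructed for this illustration.

```python
"""Added model of the CAN-2005-2641 failure mode; not pam_ldap's own code."""

# PasswordPolicyResponseValue (draft-behera-ldap-password-policy):
#   SEQUENCE {
#     warning [0] CHOICE { timeBeforeExpiration [0] INTEGER,
#                          graceAuthNsRemaining [1] INTEGER } OPTIONAL,
#     error   [1] ENUMERATED { passwordExpired(0), accountLocked(1), ... } OPTIONAL }
ERROR_NAMES = {0: "passwordExpired", 1: "accountLocked", 2: "changeAfterReset",
               3: "passwordModNotAllowed", 4: "mustSupplyOldPassword",
               5: "insufficientPasswordQuality", 6: "passwordTooShort",
               7: "passwordTooYoung", 8: "passwordInHistory"}


def _tlv(buf, pos):
    """Read one short-form BER TLV at pos; return (tag, value bytes, next pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    if length >= 0x80:
        raise ValueError("long-form lengths are not handled by this model")
    start = pos + 2
    return tag, buf[start:start + length], start + length


def decode_ppolicy(value):
    """Decode a PasswordPolicyResponseValue into {'warning': (kind, n) | None, 'error': name | None}."""
    tag, body, end = _tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("control value is not a single SEQUENCE")
    out = {"warning": None, "error": None}
    pos = 0
    while pos < len(body):
        tag, inner, pos = _tlv(body, pos)
        if tag == 0xA0:  # warning [0], constructed, wrapping the CHOICE
            wtag, num, _ = _tlv(inner, 0)
            kind = {0x80: "timeBeforeExpiration", 0x81: "graceAuthNsRemaining"}[wtag]
            out["warning"] = (kind, int.from_bytes(num, "big"))
        elif tag == 0x81:  # error [1], primitive ENUMERATED (one byte here)
            out["error"] = ERROR_NAMES.get(inner[0], "unknown(%d)" % inner[0])
        else:
            raise ValueError("unexpected tag 0x%02x in control" % tag)
    return out


def vulnerable_decision(bind_succeeded, control_value):
    """Flawed model: once a policy control is present, its error field alone
    drives the outcome, so an absent error reads as 'no problem' even when the
    bind itself failed."""
    if control_value is None:
        return "allow" if bind_succeeded else "deny"
    err = decode_ppolicy(control_value)["error"]
    return "deny:" + err if err else "allow"


def fixed_decision(bind_succeeded, control_value):
    """Corrected model: the bind result is authoritative; the control may only
    add a reason for denial (or a warning), never turn a failed bind into success."""
    err = decode_ppolicy(control_value)["error"] if control_value is not None else None
    if not bind_succeeded:
        return "deny:" + err if err else "deny"
    return "deny:" + err if err else "allow"


# Constructed sample control values (hex), not captured from any server.
EMPTY_CONTROL = bytes.fromhex("3000")            # SEQUENCE with no warning, no error
EXPIRED_CONTROL = bytes.fromhex("3003810100")    # error = passwordExpired(0)
WARNING_CONTROL = bytes.fromhex("3006a00480020e10")  # timeBeforeExpiration = 3600

if __name__ == "__main__":
    # A failed bind plus a control with no error field: the flawed model allows it.
    print("vulnerable:", vulnerable_decision(False, EMPTY_CONTROL))
    print("fixed:     ", fixed_decision(False, EMPTY_CONTROL))
```

The case to check in a regression test is the failed bind paired with an empty control value: the flawed model returns "allow" while the corrected one returns "deny", which is exactly the difference the 180 ChangeLog entry describes (fall through to account management only when a policy error was returned).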
Impact: A remote user may be able to bypass pam_ldap authentication to gain access to the ostensibly protected system.
Solution: The vendor has issued a fixed version (180), available at:
http://www.padl.com/OSS/pam_ldap.html
Vendor URL: www.padl.com/OSS/pam_ldap.html
Cause: Authentication error
Underlying OS: Linux (Any), UNIX (Any)
Message History:
None.
Source Message Contents
Date: Wed, 24 Aug 2005 21:58:30 -0400
Subject: pam_ldap
$Id: ChangeLog,v 1.204 2005/08/17 22:35:03 lukeh Exp $
===============================================================
180 Luke Howard <lukeh@padl.com>
    * from Peter Marschall <peter@adpm.de>:
      manual page installation fix
    * fix for BUG#210: use start_tls on referrals if
      configured to do so
    * when handling new password policy control, only
      fall through to account management module if a
      policy error was returned (CERT VU#778916)