SecurityTracker.com
Category: OS (UNIX) > PAM (Pluggable Authentication Modules)   Vendors: Sun
Sun Solaris pam_ldap.so.1 Pluggable Authentication Module Grants Access To Null Passwords
SecurityTracker Alert ID: 1000947
SecurityTracker URL: http://securitytracker.com/id/1000947
CVE Reference: GENERIC-MAP-NOMATCH
Date: Feb 20 2001
Impact: User access via local system, User access via network


Description: The Solaris 8 pam_ldap.so.1 pluggable authentication module accepts an empty (NULL) password as valid instead of rejecting it.

The reporter states that Sun is aware of the issue but that no workaround or fix was apparent. Sunsolve reportedly lists bug ID 4384816 for it, known since 06-Nov-2000 with a status of 'Evaluated' and no workaround or other information posted yet.

When this module is used for authentication, configured in pam.conf as the pam_ldap manpage describes (for example), entering an empty password yields a login shell prompt: as far as this module is concerned, an empty password is equivalent to the user's correct password. An incorrect non-empty password is rejected and a valid password is accepted, so only the empty-password case misbehaves.
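As an added check that is not part of the original advisory: whether a host is exposed depends on how pam.conf stacks the module, so the script below parses a constructed Solaris-format pam.conf, evaluates each service's auth stack under the control-flag rules of pam.conf(4) (required, requisite, sufficient, optional) in simplified form, and reports which services an empty password would get through if pam_ldap.so.1 returns success for it while every other module rejects it. The sample configuration, the service names and the assumption that the other modules reject an empty password are constructed for the example.

```python
"""Audit a Solaris-format pam.conf for services whose 'auth' stack would let
an empty password through if pam_ldap.so.1 accepts it. Constructed example,
not Sun's code; control-flag rules follow pam.conf(4) in simplified form."""
from collections import defaultdict
from posixpath import basename

# Constructed pam.conf excerpt. Format per line:
#   service  module_type  control_flag  module_path  [options...]
SAMPLE_PAM_CONF = """\
# console login: local check first, directory second (constructed example)
login   auth     required    /usr/lib/security/pam_unix.so.1
login   auth     sufficient  /usr/lib/security/pam_ldap.so.1  use_first_pass
# 'other' is the default stack for any service without entries of its own
other   auth     sufficient  /usr/lib/security/$ISA/pam_ldap.so.1
other   auth     required    /usr/lib/security/$ISA/pam_unix.so.1  use_first_pass
# ssh: directory only
sshd    auth     required    /usr/lib/security/pam_ldap.so.1
# account-management entries play no part in authentication
login   account  required    /usr/lib/security/pam_unix.so.1
"""


def parse_pam_conf(text):
    """Yield (service, module_type, control_flag, module_path, options)."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed pam.conf line: {raw!r}")
        yield fields[0], fields[1].lower(), fields[2].lower(), fields[3], fields[4:]


def auth_stacks(text):
    """Group the 'auth' entries by service, preserving file order."""
    stacks = defaultdict(list)
    for service, module_type, control, path, options in parse_pam_conf(text):
        if module_type == "auth":
            stacks[service].append((control, path, options))
    return dict(stacks)


def evaluate_stack(stack, module_result):
    """Run one stack under pam.conf(4) control-flag rules; True means success.
    module_result(path, options) supplies each module's own verdict."""
    required_failed = False
    for control, path, options in stack:
        ok = module_result(path, options)
        if control == "sufficient":
            if ok and not required_failed:
                return True              # success short-circuits the stack
            # a failing 'sufficient' module is ignored
        elif control == "requisite":
            if not ok:
                return False             # failure short-circuits the stack
        elif control == "required":
            if not ok:
                required_failed = True   # recorded; the stack keeps running
        elif control == "optional":
            if not ok and len(stack) == 1:
                return False             # only counts when it is the whole stack
        else:
            raise ValueError(f"unknown control flag {control!r}")
    return not required_failed


def empty_password_model(ldap_accepts_empty=True, module="pam_ldap.so.1"):
    """Per-module verdict for an empty password. From the report: the broken
    pam_ldap.so.1 returns success. Assumption for the example: every other
    module rejects an empty password."""
    def module_result(path, options):
        return ldap_accepts_empty and basename(path) == module
    return module_result


def module_positions(text, module="pam_ldap.so.1"):
    """Where the module sits in each auth stack: {service: (control, position, stack_len)}."""
    found = {}
    for service, stack in auth_stacks(text).items():
        for index, (control, path, _options) in enumerate(stack, start=1):
            if basename(path) == module:
                found[service] = (control, index, len(stack))
    return found


def services_accepting_empty_password(text, ldap_accepts_empty=True):
    """Services whose auth stack succeeds for an empty password under the model."""
    verdict = empty_password_model(ldap_accepts_empty)
    return sorted(service for service, stack in auth_stacks(text).items()
                  if evaluate_stack(stack, verdict))


if __name__ == "__main__":
    for service, (control, pos, total) in module_positions(SAMPLE_PAM_CONF).items():
        print(f"{service:8s} pam_ldap.so.1 is module {pos}/{total}, control={control}")
    print("empty password accepted for:", services_accepting_empty_password(SAMPLE_PAM_CONF))
```

On the sample, `other` and `sshd` accept the empty password; `login` does not, but only because the example assumes the preceding required pam_unix.so.1 rejects it, and that same ordering also locks out any account that exists only in the directory, so it is an illustration of the flag semantics rather than a workaround. Remember that the `other` stack covers every service that has no entries of its own, so a single sufficient pam_ldap.so.1 line there exposes all of them.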

Impact: An attacker who can reach a login service whose PAM auth stack runs this module, locally or over the network, can authenticate as a user by supplying an empty password in place of that user's password, and so gain access to any application that uses the module.
Solution: No solution was available at the time of this entry. The reporter notes that the pam_ldap module built from the source available at http://www.padl.com appeared to behave correctly in his testing, though he tested only the empty-password case.
Vendor URL: www.sun.com
Cause: Authentication error
Underlying OS: UNIX (Solaris - SunOS)

Message History:   None.
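The report does not say why Sun's module accepts the empty password. As an added example that is not Sun's code, the model below shows one well-known way a directory-backed module can end up with this behaviour, a success result for an empty password alongside correct rejection of any wrong non-empty one, and the two checks that close it regardless of backend. LDAP simple bind treats a name sent with a zero-length password as an unauthenticated bind, which RFC 4513 (section 5.1.2) allows a server to accept as an anonymous session (and, because of exactly this risk, recommends refusing by default), so a module that equates "bind succeeded" with "user authenticated" passes the empty password. The server class, the directory contents and the DN are constructed for the example.

```python
"""Constructed model of a PAM-style authenticate routine that forwards the
supplied password straight to an LDAP simple bind. Not Sun's code; the
report does not state the cause of Sun's bug."""

ALICE_DN = "uid=alice,ou=people,dc=example,dc=com"
# Constructed directory: DN -> password the server would verify.
DIRECTORY = {ALICE_DN: "correct horse"}


class ModelLdapServer:
    """Models one property of LDAP simple bind (RFC 4513, section 5.1.2):
    a Bind with a non-empty name and an EMPTY password is an 'unauthenticated'
    bind, which a permissive server accepts and answers with success while
    granting only an anonymous authorization state. A naive caller that looks
    at the result code alone cannot tell the two successes apart."""

    def __init__(self, directory):
        self._directory = directory

    def simple_bind(self, dn, password):
        """Return (result_code, authorization_identity)."""
        if password == "":
            return "success", "anonymous"           # unauthenticated bind
        if self._directory.get(dn) == password:
            return "success", dn                     # authenticated as dn
        return "invalidCredentials", None


def pam_authenticate_vulnerable(server, dn, password):
    """Treats any successful bind as proof of identity, so an empty password
    passes while a wrong non-empty password is still rejected."""
    result, _authz = server.simple_bind(dn, password)
    return result == "success"


def pam_authenticate_hardened(server, dn, password):
    """Two independent checks; either one alone closes the hole."""
    # 1. Refuse an empty password before ever contacting the directory.
    if not password:
        return False
    # 2. Require the bind to be authenticated AS THE USER, not as anonymous.
    result, authz = server.simple_bind(dn, password)
    return result == "success" and authz == dn


if __name__ == "__main__":
    server = ModelLdapServer(DIRECTORY)
    for label, fn in (("vulnerable", pam_authenticate_vulnerable),
                      ("hardened", pam_authenticate_hardened)):
        for pw in ("", "wrong", "correct horse"):
            print(f"{label:10s} password={pw!r:16s} -> {fn(server, ALICE_DN, pw)}")
```

The first check is the one a PAM module should make anyway, since several PAM implementations also let the stack refuse empty passwords by policy; the second matters because a directory server that honours unauthenticated binds returns a genuine success code, so checking only the result code is not enough.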


Source Message Contents

Subject:  Solaris 8 pam_ldap.so.1 module broken


I looked through the archives back to November 2000 and didn't see
this mentioned.  Apologies if it's there and I missed it.

Sunsolve has bugid 4384816 on file regarding this issue.  It's been
known since 06-Nov-2000 with a status of 'Evaluated' but no workaround
or other information, helpful or otherwise, posted as yet.

The problem is that if you use this module for authentication, as
configured in pam.conf per the pam_ldap manpage (for example),
entering a NULL password is a quick way to get a login shell prompt.
That is, entering a NULL password is technically equivalent to
entering the correct password as far as this module is concerned.
Providing an incorrect password (other than NULL, of course) or a
valid password results in proper behavior.

Using the pam_ldap module compiled from source code available at
http://www.padl.com appears to work correctly though I've only had
time to test against the problem described above.

-Caleb

--
Caleb David
avatar@very.strange.com


Copyright 2017, SecurityGlobal.net LLC