pam_ldap Password Policy Control Error Lets Remote Users Bypass Authentication
SecurityTracker Alert ID: 1014788
SecurityTracker URL: http://securitytracker.com/id/1014788
CVE Reference: CAN-2005-2641
Date: Aug 25 2005
Impact: Host/resource access via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 169 - 180
Description:
A vulnerability was reported in pam_ldap. A remote user may be able to gain access to a system that uses pam_ldap.
The handling of the password policy control in pam_ldap contains a flaw that may allow a remote user to bypass authentication. If the LDAP server returns a PasswordPolicyResponseValue that omits the optional error value, pam_ldap treats the authentication as successful regardless of the supplied credentials, so a remote user who attempts to authenticate against such a server can succeed with arbitrary credentials.
Versions of pam_ldap since pam_ldap-169 are affected. If the underlying LDAP client library does not support LDAP version 3 controls, the system is not affected.
The vendor and US-CERT reported this vulnerability.
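A model of the control flow the description above and the ChangeLog entry quoted below describe, added here as an example and not pam_ldap's own code: decode_ppolicy, account_management, verdict and PPOLICY_NO_ERROR are hypothetical names, the PAM return codes are the standard Linux-PAM values, and the BER layout of the control follows the LDAP password policy draft. It decodes a PasswordPolicyResponseValue and shows the flawed flow beside the fixed one for the case where the server returns the control without an error value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define PAM_SUCCESS 0
#define PAM_AUTH_ERR 7           /* PAM's authentication-failure code */
#define PAM_NEW_AUTHTOK_REQD 12  /* PAM's "password must be changed" code */
#define PPOLICY_NO_ERROR (-1)    /* hypothetical marker: error field omitted */

struct ppolicy_resp { bool present; int error; };

/* Minimal BER decode of PasswordPolicyResponseValue ::= SEQUENCE {
 *   warning [0] OPTIONAL, error [1] ENUMERATED OPTIONAL }.
 * len == 0 means the server returned no control at all. Short-form
 * lengths only; the control never needs more. */
static bool decode_ppolicy(const uint8_t *buf, size_t len, struct ppolicy_resp *out)
{
    out->present = false;
    out->error = PPOLICY_NO_ERROR;
    if (len == 0) return true;
    if (len < 2 || buf[0] != 0x30 || buf[1] != len - 2) return false;
    out->present = true;
    for (size_t i = 2; i + 2 <= len; ) {
        uint8_t tag = buf[i], tl = buf[i + 1];
        if (i + 2 + tl > len) return false;
        if (tag == 0x81 && tl == 1)       /* [1] ENUMERATED: the error value */
            out->error = buf[i + 2];
        /* 0xA0 ([0] warning) only carries expiry/grace info; skipped */
        i += 2 + tl;
    }
    return true;
}

/* What the account-management module answers for a decoded control. */
static int account_management(const struct ppolicy_resp *r)
{
    if (r->error == PPOLICY_NO_ERROR) return PAM_SUCCESS;
    return r->error == 0 ? PAM_NEW_AUTHTOK_REQD : PAM_AUTH_ERR;  /* 0 = passwordExpired */
}

/* Flawed flow (169..179): any returned control defers to account management,
 * so a control that omits the error value turns a failed bind into success.
 * Fixed flow (180): only a returned policy *error* may override the bind result. */
static int verdict(bool fixed, int bind_rc, const uint8_t *ctl, size_t len)
{
    struct ppolicy_resp r;
    if (!decode_ppolicy(ctl, len, &r)) return PAM_AUTH_ERR;  /* malformed: fail closed */
    if (r.present && (!fixed || r.error != PPOLICY_NO_ERROR))
        return account_management(&r);
    return bind_rc;
}
```

An empty SEQUENCE (bytes 30 00) is exactly the "control without error value" case: the flawed flow answers PAM_SUCCESS for a failed bind, the fixed flow keeps the bind's own failure.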
Impact:
A remote user may be able to bypass pam_ldap authentication to gain access to the ostensibly protected system.
Solution:
The vendor has issued a fixed version (180), available at:
http://www.padl.com/OSS/pam_ldap.html
Vendor URL: www.padl.com/OSS/pam_ldap.html
Cause:
Authentication error
Underlying OS:
Linux (Any), UNIX (Any)
Message History:
None.
Source Message Contents
Date: Wed, 24 Aug 2005 21:58:30 -0400
Subject: pam_ldap
$Id: ChangeLog,v 1.204 2005/08/17 22:35:03 lukeh Exp $
===============================================================
180 Luke Howard <lukeh@padl.com>
* from Peter Marschall <peter@adpm.de>:
manual page installation fix
* fix for BUG#210: use start_tls on referrals if
configured to do so
* when handling new password policy control, only
fall through to account management module if a
policy error was returned (CERT VU#778916)