Solaris pam_ldap Authentication Module NULL Password Bypass
Local Access Required, Remote / Network Access
Loss of Confidentiality, Loss of Integrity
The pam_ldap module in Sun Solaris version 8 contains a flaw that may allow a malicious user to gain unauthorized system access. The issue is triggered when an attacker enters a NULL password on a system that is using the pam_ldap module for authentication. It is possible that the flaw may allow unauthorized access to the system resulting in a loss of confidentiality and/or integrity.
Upgrade to version 8 patch 111090-02 or patch 112218-01 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround:
NOTE: This will cause the system to revert to UNIX authentication by disabling LDAP authentication.
Change the lines in the /etc/pam.conf file:
login auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
login auth required /usr/lib/security/$ISA/pam_ldap.so.1
to the single line:
login auth required /usr/lib/security/$ISA/pam_unix.so.1
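The following script is an added example, not part of the original advisory or of any Sun tooling. It lists every stack in a pam.conf that references pam_ldap and prints a copy with the login auth workaround above applied. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample pam.conf (not taken from a real system).
sample_pam_conf() {
    cat <<'EOF'
# service module_type control_flag module_path
login   auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
login   auth required   /usr/lib/security/$ISA/pam_ldap.so.1
rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/$ISA/pam_ldap.so.1
other   account required /usr/lib/security/$ISA/pam_unix.so.1
EOF
}

# Print each "service module_type" pair whose stack references pam_ldap.
# Comment lines are skipped; field 4 is the module path.
pam_ldap_users() {
    awk '$1 !~ /^#/ && NF >= 4 && $4 ~ /\/pam_ldap\.so/ { print $1, $2 }' "$1" |
        sort -u
}

# Print the file with the login auth pam_unix/pam_ldap lines collapsed to
# the single required pam_unix line from the workaround. All other lines,
# including other services that still use pam_ldap, pass through unchanged.
apply_login_workaround() {
    awk '
        $1 == "login" && $2 == "auth" &&
        ($4 ~ /\/pam_unix\.so\.1$/ || $4 ~ /\/pam_ldap\.so\.1$/) {
            if (!done) {
                print "login auth required /usr/lib/security/$ISA/pam_unix.so.1"
                done = 1
            }
            next
        }
        { print }
    ' "$1"
}

# Demo: audit the file given as $1, or the constructed sample if none.
conf=${1:-}
if [ -z "$conf" ]; then
    conf=$(mktemp)
    sample_pam_conf > "$conf"
fi
echo "Stacks referencing pam_ldap:"
pam_ldap_users "$conf"
echo "File with the login auth workaround applied:"
apply_login_workaround "$conf"
```

The output is written to stdout only, so the result can be reviewed and diffed against /etc/pam.conf before anything is replaced.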