CVE-2005-2069
CVSS5.0
发布时间 :2005-06-30 00:00:00
修订时间 :2010-08-21 00:30:07
NMCOPS    

[原文]pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.


[CNNVD]OpenLDAP TLS明文口令传输漏洞(CNNVD-200506-242)

        OpenLDAP是一款开放源代码的轻量级目录访问协议(LDAP)实现。
        OpenLDAP在同TLS一起使用时在口令的传输处理上存在漏洞,攻击者可能利用此漏洞获取明文口令。
        如果在使用TLS与从盘建立连接且客户端用作主盘的话,就会出现这个漏洞。TLS没有使用这个连接,这可能导致以明文发送口令,允许攻击者嗅探到口令。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:padl_software:nss_ldap
cpe:/a:padl_software:pam_ldap
cpe:/a:openldap:openldap

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9445pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the cl...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2069
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200506-242
(官方数据源) CNNVD

- 其它链接及资源

http://www.openldap.org/its/index.cgi/Incoming?id=3791
(VENDOR_ADVISORY)  MISC  http://www.openldap.org/its/index.cgi/Incoming?id=3791
http://bugzilla.padl.com/show_bug.cgi?id=210
(VENDOR_ADVISORY)  MISC  http://bugzilla.padl.com/show_bug.cgi?id=210
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161990
(VENDOR_ADVISORY)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161990
http://xforce.iss.net/xforce/xfdb/21245
(UNKNOWN)  XF  ldap-tls-information-disclosure(21245)
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:121
(UNKNOWN)  MANDRIVA  MDKSA-2005:121
http://www.ubuntu.com/usn/usn-152-1
(UNKNOWN)  UBUNTU  USN-152-1
http://www.securityfocus.com/bid/14126
(UNKNOWN)  BID  14126
http://www.securityfocus.com/bid/14125
(UNKNOWN)  BID  14125
http://www.redhat.com/support/errata/RHSA-2005-767.html
(UNKNOWN)  REDHAT  RHSA-2005:767
http://www.redhat.com/support/errata/RHSA-2005-751.html
(UNKNOWN)  REDHAT  RHSA-2005:751
http://www.osvdb.org/17692
(UNKNOWN)  OSVDB  17692
http://www.gentoo.org/security/en/glsa/glsa-200507-13.xml
(UNKNOWN)  GENTOO  GLSA-2005-07-13
http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm
http://secunia.com/advisories/21520
(UNKNOWN)  SECUNIA  21520
http://secunia.com/advisories/17845
(UNKNOWN)  SECUNIA  17845
http://secunia.com/advisories/17233
(UNKNOWN)  SECUNIA  17233
http://bugzilla.padl.com/show_bug.cgi?id=211
(UNKNOWN)  MISC  http://bugzilla.padl.com/show_bug.cgi?id=211
http://bugs.gentoo.org/show_bug.cgi?id=96767
(UNKNOWN)  CONFIRM  http://bugs.gentoo.org/show_bug.cgi?id=96767
http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0060.html
(UNKNOWN)  FULLDISC  20050704 pam_ldap/nss_ldap password leak in a master+slave+start_tls LDAP setup

- 漏洞信息

OpenLDAP TLS明文口令传输漏洞
中危 设计错误
2005-06-30 00:00:00 2006-09-21 00:00:00
远程  
        OpenLDAP是一款开放源代码的轻量级目录访问协议(LDAP)实现。
        OpenLDAP在同TLS一起使用时在口令的传输处理上存在漏洞,攻击者可能利用此漏洞获取明文口令。
        如果在使用TLS与从盘建立连接且客户端用作主盘的话,就会出现这个漏洞。TLS没有使用这个连接,这可能导致以明文发送口令,允许攻击者嗅探到口令。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://http.trustix.org/pub/trustix/updates/
        ftp://ftp.trustix.org/pub/trustix/updates/

- 漏洞信息 (F38835)

Ubuntu Security Notice 152-1 (PacketStormID:F38835)
2005-07-22 00:00:00
Ubuntu  ubuntu.com
advisory
linux,ubuntu
CVE-2005-2069
[点击下载]

Ubuntu Security Notice USN-152-1 - Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and libnss-ldap. When a client connected to a slave LDAP server using SSL, the slave server did not use SSL as well when contacting the LDAP master server. This caused passwords and other confident information to be transmitted unencrypted between the slave and the master.

===========================================================
Ubuntu Security Notice USN-152-1	      July 21, 2005
openldap2, libpam-ldap, libnss-ldap vulnerabilities
CAN-2005-2069
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libnss-ldap
libpam-ldap
slapd

On Ubuntu 4.10, the problem can be corrected by upgrading the affected
packages to version 2.1.30-2ubuntu4.1 (slapd), 164-2ubuntu0.1
(libpam-ldap), and 220-1ubuntu0.1 (libnss-ldap).

On Ubuntu 5.04, the problem can be corrected by upgrading the affected
packages to version 2.1.30-3ubuntu3.1 (slapd), 169-1ubuntu0.1
(libpam-ldap), and 220-1ubuntu0.1 (libnss-ldap).

In general, a standard system upgrade is sufficient to effect the
necessary changes.

(Please note that libnss-ldap and libpam-ldap are not officially
supported by Ubuntu, they are in the "universe" suite of the archive.)

Details follow:

Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and
libnss-ldap. When a client connected to a slave LDAP server using SSL,
the slave server did not use SSL as well when contacting the LDAP
master server. This caused passwords and other confident information
to be transmitted unencrypted between the slave and the master.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211-4ubuntu0.1.diff.gz
      Size/MD5:    40012 180bfdaf8ddf765fbffd5a671c2e08e5
    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211-4ubuntu0.1.dsc
      Size/MD5:      687 6b1c2784a1033e5ec81903976c950331
    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211.orig.tar.gz
      Size/MD5:   221013 34adcab5d46a436617ae686cc7c5e78f
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164-2ubuntu0.1.diff.gz
      Size/MD5:    31544 8d085bc008fe5ac70b2a0ad6d56f92f8
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164-2ubuntu0.1.dsc
      Size/MD5:      678 da1e9384d50f7b968adf547d829b7315
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164.orig.tar.gz
      Size/MD5:   116873 0b5d6ef6735480210d27a3d969f59e12
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30-2ubuntu4.1.diff.gz
      Size/MD5:   116650 89863ef77edba510914cfdad0d3348ef
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30-2ubuntu4.1.dsc
      Size/MD5:      971 a430e9d325011aa5707b511f64d239dd
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30.orig.tar.gz
      Size/MD5:  2044673 e2ae8148c4bed07d7a70edd930bdc403

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libslapd2-dev_2.1.30-2ubuntu4.1_all.deb
      Size/MD5:    71854 f2b7772fa613690daa5eb85afcd13a34

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-2ubuntu4.1_amd64.deb
      Size/MD5:   125906 79af7aa37ff71b874214b90ee9ecae1e
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-2ubuntu4.1_amd64.deb
      Size/MD5:   360024 986821f16397c44875c6f9631e376620
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-2ubuntu4.1_amd64.deb
      Size/MD5:   308242 d4047e25be22bcf3064f3401d3827a4f
    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211-4ubuntu0.1_amd64.deb
      Size/MD5:    69096 4dce5370da2e0f675d274801f993ac05
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164-2ubuntu0.1_amd64.deb
      Size/MD5:    49546 bdda10f11dae5c0eb89aae5dcb58f17d
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-2ubuntu4.1_amd64.deb
      Size/MD5:  1000922 d0cccba6c649de288204b677c051763c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-2ubuntu4.1_i386.deb
      Size/MD5:   111448 146b9142a0148940068a0e583c0f05bd
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-2ubuntu4.1_i386.deb
      Size/MD5:   316880 5828ac19e41a9dfd6f42acc754cb3c5d
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-2ubuntu4.1_i386.deb
      Size/MD5:   283620 2750618047fc01d8393a773caea6ee4f
    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211-4ubuntu0.1_i386.deb
      Size/MD5:    67978 a2a3f9a58c2a01b9e03f8f7e28575b80
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164-2ubuntu0.1_i386.deb
      Size/MD5:    49208 cd423f7aa2211f49110913d661f9effe
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-2ubuntu4.1_i386.deb
      Size/MD5:   902696 5acca424b573c4359cfd26e41677ce0c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-2ubuntu4.1_powerpc.deb
      Size/MD5:   127948 1a88da127a39484da2c2d0fb782ae0ac
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-2ubuntu4.1_powerpc.deb
      Size/MD5:   371714 e3579e3bedba4e79e4817178aae191de
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-2ubuntu4.1_powerpc.deb
      Size/MD5:   301834 207ffdaf7d6a59efeed541c1186826be
    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211-4ubuntu0.1_powerpc.deb
      Size/MD5:    70402 4dd21e0f29aacf85c3e8caef7ac04ccb
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164-2ubuntu0.1_powerpc.deb
      Size/MD5:    49762 c10ceae89d679444cab7d150d709d09c
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-2ubuntu4.1_powerpc.deb
      Size/MD5:   975904 b3c3f67196e71eb563e501f55bc97dd8

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220-1ubuntu0.1.diff.gz
      Size/MD5:    26873 59ccd69249e345d2f535a4b6bdf323dd
    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220-1ubuntu0.1.dsc
      Size/MD5:      687 660f621b904c8cc6db16a1027bca370c
    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220.orig.tar.gz
      Size/MD5:   204826 d401485fcabf4ea40d244c2c9a19247e
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169-1ubuntu0.1.diff.gz
      Size/MD5:    26203 f6618a137174a52f3eaa2c6dc357b434
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169-1ubuntu0.1.dsc
      Size/MD5:      678 ba2b65635fcc64aefc6a12c2c90b3bd0
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169.orig.tar.gz
      Size/MD5:   119817 62abfe9c5d62e7d112c12d0e5863129f
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30-3ubuntu3.1.diff.gz
      Size/MD5:   117295 743d542b68dd5d743527ac15500b8b51
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30-3ubuntu3.1.dsc
      Size/MD5:      988 abcae0bb7933a4634c0562c41b17a4d5
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30.orig.tar.gz
      Size/MD5:  2044673 e2ae8148c4bed07d7a70edd930bdc403

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libslapd2-dev_2.1.30-3ubuntu3.1_all.deb
      Size/MD5:    72308 60a8341fad6776f7da90291b0c0a41e5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-3ubuntu3.1_amd64.deb
      Size/MD5:   126282 504170293b367b3d3960c19619386368
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-3ubuntu3.1_amd64.deb
      Size/MD5:   361172 fc2aaa72ddc00c7ea6e9118d18532672
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-3ubuntu3.1_amd64.deb
      Size/MD5:   309092 62bb57d16d2e0b7ef505d9023eacc687
    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220-1ubuntu0.1_amd64.deb
      Size/MD5:    74590 f1087a8146dd42601bbc990f8d1c755d
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169-1ubuntu0.1_amd64.deb
      Size/MD5:    52078 6057c9f1597d80a2c162837b25f2e9a7
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-3ubuntu3.1_amd64.deb
      Size/MD5:  1087990 a8a2b8b425be64cb3fcf5a32a8d83416

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-3ubuntu3.1_i386.deb
      Size/MD5:   110644 d52d6dd0c45e8532c6170ddf1a52f19c
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-3ubuntu3.1_i386.deb
      Size/MD5:   317990 4e54bf4ec7dc799de00bf8bf0711bded
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-3ubuntu3.1_i386.deb
      Size/MD5:   284484 89c8c1a89831713025896642ccccd900
    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220-1ubuntu0.1_i386.deb
      Size/MD5:    73536 ed6ee791428191886b86d29063997565
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169-1ubuntu0.1_i386.deb
      Size/MD5:    51670 384be799688e0277feb86b4508288699
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-3ubuntu3.1_i386.deb
      Size/MD5:   979238 3e2fad1ffb1b9d7eac366467da98e3ce

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-3ubuntu3.1_powerpc.deb
      Size/MD5:   129544 bb935cbb6fc5e7670646607d0c481ff6
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-3ubuntu3.1_powerpc.deb
      Size/MD5:   373102 fbd4736d7f2167db5a204609f08076e6
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-3ubuntu3.1_powerpc.deb
      Size/MD5:   302728 8e97eb53df941a8d4546f3de39477aa7
    http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220-1ubuntu0.1_powerpc.deb
      Size/MD5:    75784 8d77afd6f2a602294cc1d953b9995c38
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169-1ubuntu0.1_powerpc.deb
      Size/MD5:    52180 40ef599a113e873a235b76f315a444d2
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-3ubuntu3.1_powerpc.deb
      Size/MD5:  1058104 59a515083487c2218c4acefb99bee97d
    

- 漏洞信息 (F38707)

Gentoo Linux Security Advisory 200507-13 (PacketStormID:F38707)
2005-07-15 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-2069
[点击下载]

Gentoo Linux Security Advisory GLSA 200507-13 - Rob Holland of the Gentoo Security Audit Team discovered that pam_ldap and nss_ldap fail to use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the ssl start_tls ldap.conf setting. Versions less than 239-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: pam_ldap and nss_ldap: Plain text authentication leak
      Date: July 14, 2005
      Bugs: #96767
        ID: 200507-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

pam_ldap and nss_ldap fail to restart TLS when following a referral,
possibly leading to credentials being sent in plain text.

Background
==========

pam_ldap is a Pluggable Authentication Module which allows
authentication against an LDAP directory. nss_ldap is a Name Service
Switch module which allows 'passwd', 'group' and 'host' database
information to be pulled from LDAP. TLS is Transport Layer Security, a
protocol that allows encryption of network communications.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  sys-auth/nss_ldap      < 239-r1                         >= 239-r1
                                                            *>= 226-r1
  2  sys-auth/pam_ldap      < 178-r1                         >= 178-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Rob Holland of the Gentoo Security Audit Team discovered that pam_ldap
and nss_ldap fail to use TLS for referred connections if they are
referred to a master after connecting to a slave, regardless of the
"ssl start_tls" ldap.conf setting.

Impact
======

An attacker could sniff passwords or other sensitive information as the
communication is not encrypted.

Workaround
==========

pam_ldap and nss_ldap can be set to force the use of SSL instead of
TLS.

Resolution
==========

All pam_ldap users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-178-r1"

All nss_ldap users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose sys-auth/nss_ldap

References
==========

  [ 1 ] CAN-2005-2069
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息

17692
OpenLDAP / pam_ldap TLS Connection Cleartext Password Disclosure
Cryptographic, Information Disclosure
Loss of Confidentiality
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-06-21 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

PADL Software PAM_LDAP TLS Plaintext Password Vulnerability
Design Error 14126
Yes No
2005-07-01 12:00:00 2009-07-12 04:06:00
This issue was reported in a Trustix advisory.

- 受影响的程序版本

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 7
+ Linux kernel 2.4.19
SGI Advanced Linux Environment 3.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SuSE Linux Open-Xchange 4.1
S.u.S.E. SuSE eMail Server III
S.u.S.E. SuSE eMail Server 3.1
S.u.S.E. SUSE CORE 9 for x86
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 7.3
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux IMAP Server 1.0
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. LINUX 9.1 Personal Edition CD-ROM
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.2
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0
S.u.S.E. Linux 6.4 ppc
S.u.S.E. Linux 6.4 i386
S.u.S.E. Linux 6.4 alpha
S.u.S.E. Linux 6.4
S.u.S.E. Linux 6.3 ppc
S.u.S.E. Linux 6.3 alpha
S.u.S.E. Linux 6.3
S.u.S.E. Linux 6.2
S.u.S.E. Linux 6.1 alpha
S.u.S.E. Linux 6.1
S.u.S.E. Linux 6.0
S.u.S.E. Linux 5.3
S.u.S.E. Linux 5.2
S.u.S.E. Linux 5.1
S.u.S.E. Linux 5.0
S.u.S.E. Linux 4.4.1
S.u.S.E. Linux 4.4
S.u.S.E. Linux 4.3
S.u.S.E. Linux 4.2
S.u.S.E. Linux 4.0
S.u.S.E. Linux 3.0
S.u.S.E. Linux 2.0
S.u.S.E. Linux 1.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4
Padl Software pam_ldap Build 169
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Padl Software pam_ldap Build 166
Padl Software pam_ldap Build 164
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Padl Software pam_ldap Build 148
Padl Software pam_ldap Build 131
Padl Software pam_ldap Build 111
Padl Software nss_ldap Build 85
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.1 alpha
Padl Software nss_ldap Build 220
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Padl Software nss_ldap Build 211
Padl Software nss_ldap Build 202
Padl Software nss_ldap Build 199
Padl Software nss_ldap Build 198
Padl Software nss_ldap Build 194
Padl Software nss_ldap Build 192
Padl Software nss_ldap Build 191
Padl Software nss_ldap Build 190
Padl Software nss_ldap Build 189
Padl Software nss_ldap Build 188
Padl Software nss_ldap Build 187
Padl Software nss_ldap Build 186
Padl Software nss_ldap Build 185.3
Padl Software nss_ldap Build 185.2
Padl Software nss_ldap Build 185.1
Padl Software nss_ldap Build 185
Padl Software nss_ldap Build 184
Padl Software nss_ldap Build 183
Padl Software nss_ldap Build 181
Padl Software nss_ldap Build 180
Padl Software nss_ldap Build 173
Padl Software nss_ldap Build 172
Padl Software nss_ldap Build 122
Padl Software nss_ldap Build 121
Padl Software nss_ldap Build 113
Padl Software nss_ldap Build 107
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Padl Software nss_ldap Build 105
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.2 alpha
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Gentoo Linux
Conectiva Linux 10.0

- 漏洞讨论

PAM_LDAP is affected by a password disclosure vulnerability when used with TLS.

This issue arises when a connection to a slave is established using TLS and the client is referred to a master. TLS is not used with this connection, which can allow an attacker to sniff network traffic and obtain user credentials.

PAM_LDAP build 166 is known to be vulnerable at the moment. Other versions may be affected as well.

- 漏洞利用

An exploit is not required.

- 解决方案

Trustix has released advisory TSLSA-2005-0031 to address various issues. Please see the referenced advisory for more information.

Gentoo has released advisory GLSA 200507-13 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

All pam_ldap users:

emerge --sync
emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-178-r1"

All nss_ldap users:

emerge --sync
emerge --ask --oneshot --verbose sys-auth/nss_ldap

Mandriva had released security advisory MDKSA-2005:121 addressing this issue. Please see the referenced advisory for further information.

Ubuntu Linux has released security advisory USN-152-1 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Turbolinux has released advisories TLSA-2005-86 and TLSA-2005-87 to address this issue in nss_ldap and pam_ldap, respectively. Please see the referenced advisories for further information.

SUSE has released a security summary report (SUSE-SR:2005:020) addressing this and other issues. Please see the referenced advisory for further information.

Conectiva Linux has released security advisory CLSA-2005:1027 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

RedHat has released advisory RHSA-2005:767-8, along with fixes to address this issue in RedHat Enterprise operating systems. Please see the referenced advisory for further information.

SGI has released advisory 20051003-01-U and fixes for this and other issues. Please see the referenced advisory for further details.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


Padl Software pam_ldap Build 111

Padl Software pam_ldap Build 164

Padl Software pam_ldap Build 148

Conectiva Linux 10.0

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站