CVE-2005-2654
CVSS7.5
发布时间 :2005-08-30 13:03:00
修订时间 :2008-09-05 16:52:20
NMCOPS    

[原文]phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.


[CNNVD]PHPLDAPAdmin 非授权访问漏洞(CNNVD-200508-306)

        phpLDAPadmin是基于web的LDAP客户端,允许方便的管理LDAP服务器。
        phpldapadmin中存在非授权访问漏洞,攻击者可以利用这个漏洞匿名访问LDAP服务器,即使配置中已有disable_anon_bind禁止匿名访问。起因是在允许访问LDAP管理函数之前没有正确的验证用户凭据。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2654
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2654
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-306
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2005/dsa-790
(VENDOR_ADVISORY)  DEBIAN  DSA-790
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423
(UNKNOWN)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423
http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml
(UNKNOWN)  GENTOO  GLSA-200509-04

- 漏洞信息

PHPLDAPAdmin 非授权访问漏洞
高危 访问验证错误
2005-08-30 00:00:00 2005-10-20 00:00:00
远程  
        phpLDAPadmin是基于web的LDAP客户端,允许方便的管理LDAP服务器。
        phpldapadmin中存在非授权访问漏洞,攻击者可以利用这个漏洞匿名访问LDAP服务器,即使配置中已有disable_anon_bind禁止匿名访问。起因是在允许访问LDAP管理函数之前没有正确的验证用户凭据。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.debian.org/security/2005/dsa-790

- 漏洞信息 (F41675)

Mandriva Linux Security Advisory 2005.212 (PacketStormID:F41675)
2005-11-20 00:00:00
Mandriva  mandriva.com
advisory,vulnerability
linux,mandriva
CVE-2005-2654,CVE-2005-2792,CVE-2005-2793,CVE-2005-0869,CVE-2005-0870,CVE-2005-3347,CVE-2005-3348
[点击下载]

Mandriva Linux Security Advisory - Updated egroupware packages to address phpldapadmin, phpsysinfo vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:212
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : egroupware
 Date    : November 16, 2005
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Egroupware contains embedded copies of several php based projects,
 including phpldapadmin and phpsysinfo. 
 
 Phpldapadmin before 0.9.6c allows remote attackers to gain anonymous
 access to the LDAP server, even when disable_anon_bind is set, via an
 HTTP request to login.php with the anonymous_bind parameter set.
 (CAN-2005-2654)
 
 Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6
 and 0.9.7 allows remote attackers to read arbitrary files via a ..
 (dot dot) in the custom_welcome_page parameter. (CAN-2005-2792)
 
 PHP remote code injection vulnerability in welcome.php in phpLDAPadmin
 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code
 via the custom_welcome_page parameter. (CAN-2005-2793)
 
 Maksymilian Arciemowicz discovered several cross site scripting issues
 in  phpsysinfo, a PHP based host information application.
 (CAN-2005-0869, 0870)
 
 Christopher Kunz discovered that local variables in phpsysinfo get
 overwritten unconditionally and are trusted later, which could lead to
 the inclusion of arbitrary files. (CAN-2005-3347)
 
 Christopher Kunz discovered that user-supplied input in phpsysinfo is
 used unsanitised, causing a HTTP Response splitting problem.
 (CAN-2005-3348)
 
 The updated packages have new versions of these subsystems to correct
 these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2654
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2792
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2793
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0869
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0870
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3347
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3348
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 ede368f20b1e00144278800d3b6bf468  corporate/3.0/RPMS/egroupware-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 8260713a9c28f6f7c7b08630af98b80c  corporate/3.0/RPMS/egroupware-addressbook-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 053e62d63d08566a51f5a4caed575920  corporate/3.0/RPMS/egroupware-backup-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 9d2a654955fd2dc83f965366a2af77a0  corporate/3.0/RPMS/egroupware-bookmarks-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 ee1d890db9e37afaa9ddd5caeab02223  corporate/3.0/RPMS/egroupware-calendar-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 26ecafedde93c891562ed679f833f1f0  corporate/3.0/RPMS/egroupware-comic-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 eecee2ff5e2c5beb36c4592235227d9d  corporate/3.0/RPMS/egroupware-developer_tools-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 153f3f86f72b627c3f12eb44715a01fd  corporate/3.0/RPMS/egroupware-email-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 3863031cfccf6ba411ae8965b4e13af0  corporate/3.0/RPMS/egroupware-emailadmin-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 260713edaf667a6c0af01afe5cf1276f  corporate/3.0/RPMS/egroupware-etemplate-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 a3ae6cc7bbbb4fb5191f41a7e602741a  corporate/3.0/RPMS/egroupware-felamimail-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 a95d31bb108a6126d3187af8c77c2164  corporate/3.0/RPMS/egroupware-filemanager-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 772a8690091f509727ef70f6b363d6bf  corporate/3.0/RPMS/egroupware-forum-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 e97692f7a5c888e4ea1a86236c9bd124  corporate/3.0/RPMS/egroupware-ftp-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 c9a5f4a17bf1697e7eb5e1e6421a6ff3  corporate/3.0/RPMS/egroupware-fudforum-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 d8a9513798c91e6cbd39667fa04784ff  corporate/3.0/RPMS/egroupware-headlines-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 87f25244c8af456bf43c66650dbc05e6  corporate/3.0/RPMS/egroupware-infolog-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 67fc3ed193d9e5a5b5e3d0ab4b3b21af  corporate/3.0/RPMS/egroupware-jinn-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 0c4a7125fa56f7e2c62b37c0e9657fda  corporate/3.0/RPMS/egroupware-messenger-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 7c59389b480bab742b74a7fa3c304e08  corporate/3.0/RPMS/egroupware-news_admin-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 ccc1a38a19f371b24014c078fd270640  corporate/3.0/RPMS/egroupware-phpbrain-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 4d08c9988a1a8b371dbb8e775f10ead5  corporate/3.0/RPMS/egroupware-phpldapadmin-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 49e15a21e9649192aec8a094fbd6ba23  corporate/3.0/RPMS/egroupware-phpsysinfo-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 449fc4f64a2684e801026551d10775a6  corporate/3.0/RPMS/egroupware-polls-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 84f495032f73864c1ca310a318837f31  corporate/3.0/RPMS/egroupware-projects-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 3db5f783dcda18436cbf518033f95be3  corporate/3.0/RPMS/egroupware-registration-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 e8113156f031a132f175176465203169  corporate/3.0/RPMS/egroupware-sitemgr-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 29d48e4fe5c5d1b94e59e0cc204e0543  corporate/3.0/RPMS/egroupware-skel-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 f6289361d472ea1ad5df3d7758f761be  corporate/3.0/RPMS/egroupware-stocks-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 76a227fd0a41378068f50206988bede3  corporate/3.0/RPMS/egroupware-tts-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 ec29184df68cc2b948acab7c5f8aeeb9  corporate/3.0/RPMS/egroupware-wiki-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 5384f10de57e45eeb12a9dd327ee9c10  corporate/3.0/SRPMS/egroupware-1.0-0.RC3.1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 2f1b49e341d8edd6c1932003566ffc58  x86_64/corporate/3.0/RPMS/egroupware-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 6ccdd0eb824c3e33ec3d563faab7c3d0  x86_64/corporate/3.0/RPMS/egroupware-addressbook-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 d174b44005b42690b63f579fc52f25a5  x86_64/corporate/3.0/RPMS/egroupware-backup-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 7a373d4cd1164b9d224d4994660261be  x86_64/corporate/3.0/RPMS/egroupware-bookmarks-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 c4c7ba83e63d4c020ab727489ca97cf1  x86_64/corporate/3.0/RPMS/egroupware-calendar-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 86c6438ad0ba2b49a6cf5ca620029061  x86_64/corporate/3.0/RPMS/egroupware-comic-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 d89f1c956c5e2cc42814a20acb290687  x86_64/corporate/3.0/RPMS/egroupware-developer_tools-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 adfbb36bfd59ce3a48dc56b921be2a54  x86_64/corporate/3.0/RPMS/egroupware-email-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 bfa26dd6790000f2d5ad73aff923a49e  x86_64/corporate/3.0/RPMS/egroupware-emailadmin-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 413c4f14dab1ec459582e550184642e3  x86_64/corporate/3.0/RPMS/egroupware-etemplate-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 ef5067cae004fa45cd7bd7139120b889  x86_64/corporate/3.0/RPMS/egroupware-felamimail-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 f3deac45103897da4f179340270e4aad  x86_64/corporate/3.0/RPMS/egroupware-filemanager-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 8062cb13302d80aa6bd4e88f9d979b1c  x86_64/corporate/3.0/RPMS/egroupware-forum-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 f7937eb4df7f85c0fe8b379023f2c573  x86_64/corporate/3.0/RPMS/egroupware-ftp-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 eb8bbcc4b483e98945ee601b15ec7f7d  x86_64/corporate/3.0/RPMS/egroupware-fudforum-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 db6def23bc1ff1b53dcadd2ffdd6a3d0  x86_64/corporate/3.0/RPMS/egroupware-headlines-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 1e6cc7a656c68a1ca62e31c12e893a3f  x86_64/corporate/3.0/RPMS/egroupware-infolog-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 71c547730fcc2bc147443bfedee83d67  x86_64/corporate/3.0/RPMS/egroupware-jinn-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 c5bec11237069f31df19356273a04630  x86_64/corporate/3.0/RPMS/egroupware-messenger-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 447920d7c091917ddf6594748e259d61  x86_64/corporate/3.0/RPMS/egroupware-news_admin-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 42c4c60a10da6684116fd3b02015786f  x86_64/corporate/3.0/RPMS/egroupware-phpbrain-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 cc3d269b9c4e0a9c0ba653d43f5e7b07  x86_64/corporate/3.0/RPMS/egroupware-phpldapadmin-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 234151d4addd9cc8d1ec9c8d3de20c19  x86_64/corporate/3.0/RPMS/egroupware-phpsysinfo-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 2d1ee394139ac708596205c94e6c7787  x86_64/corporate/3.0/RPMS/egroupware-polls-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 46ad113c5567a0eb11c5714b0d40d4af  x86_64/corporate/3.0/RPMS/egroupware-projects-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 7eb518461ed5e14e30050a0029deff78  x86_64/corporate/3.0/RPMS/egroupware-registration-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 064cada6a43dca2b008667279fa49b77  x86_64/corporate/3.0/RPMS/egroupware-sitemgr-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 0b7e02fb4f16805917ab5bb38e413f46  x86_64/corporate/3.0/RPMS/egroupware-skel-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 e31a1d779b948888b6f8948fd62bf234  x86_64/corporate/3.0/RPMS/egroupware-stocks-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 bbbfa22769e23adb399ed087872cee89  x86_64/corporate/3.0/RPMS/egroupware-tts-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 98edc1ce7c21635f606c714d97c78501  x86_64/corporate/3.0/RPMS/egroupware-wiki-1.0-0.RC3.1.1.C30mdk.noarch.rpm
 5384f10de57e45eeb12a9dd327ee9c10  x86_64/corporate/3.0/SRPMS/egroupware-1.0-0.RC3.1.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDe1tCmqjQ0CJFipgRAtnhAJ0VJ50Jhua84VoTWeZs22jIzi33eACgnwu3
sRQYGhE96iex5ZIahGNH0Ww=
=oEG9
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F39864)

Gentoo Linux Security Advisory 200509-4 (PacketStormID:F39864)
2005-09-07 00:00:00
Gentoo  security.gentoo.org
advisory,php
linux,gentoo
CVE-2005-2654
[点击下载]

Gentoo Linux Security Advisory GLSA 200509-04 - Alexander Gerasiov discovered a flaw in login.php preventing the application from validating whether anonymous bind has been disabled in the target LDAP server configuration. Versions less than 0.9.7_alpha6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200509-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: phpLDAPadmin: Authentication bypass
      Date: September 06, 2005
      Bugs: #104293
        ID: 200509-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A flaw in phpLDAPadmin may allow attackers to bypass security
restrictions and connect anonymously.

Background
==========

phpLDAPadmin is a web-based LDAP client allowing to easily manage LDAP
servers.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /    Vulnerable    /             Unaffected
    -------------------------------------------------------------------
  1  net-nds/phpldapadmin     < 0.9.7_alpha6           >= 0.9.7_alpha6

Description
===========

Alexander Gerasiov discovered a flaw in login.php preventing the
application from validating whether anonymous bind has been disabled in
the target LDAP server configuration.

Impact
======

Anonymous users can access the LDAP server, even if the
"disable_anon_bind" parameter was explicitly set to avoid this.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All phpLDAPadmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-nds/phpldapadmin-0.9.7_alpha6"

References
==========

  [ 1 ] CAN-2005-2654
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2654
  [ 2 ] Secunia Advisory SA16611
        http://secunia.com/advisories/16611/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200509-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息

19067
phpLDAPadmin Unspecified Anonymous Bind Policy Bypass
Loss of Integrity Upgrade
Vendor Verified

- 漏洞描述

- 时间线

2005-08-30 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 0.9.6c or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

PHPLDAPAdmin Unauthorized Access Vulnerability
Access Validation Error 14694
Yes No
2005-08-30 12:00:00 2009-07-12 05:06:00
Discovered by Alexander Gerasiov.

- 受影响的程序版本

phpldapadmin phpldapadmin 0.9.5
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux

- 漏洞讨论

phpldapadmin is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to properly validate user credentials before granting access to LDAP administrative functions.

An attacker can exploit this vulnerability to login to the server anonymously, and utilize administrative functions to modify the LDAP database.

- 漏洞利用

No exploit is required.

- 解决方案

Debian Linux has released security advisory DSA 790-1 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Gentoo has released advisory GLSA 200509-04 and fixes to address this issue. To obtain fixes, execute the following:

emerge --sync
emerge --ask --oneshot --verbose ">=net-nds/phpldapadmin-0.9.7_alpha6"

Mandriva Linux has released security advisory MDKSA-2005:212 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


phpldapadmin phpldapadmin 0.9.5

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站