Vulnerabilities > CVE-2005-2641 - Authentication Bypass vulnerability in PADL Software PAM_LDAP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL6634.NASL description The remote BIG-IP device is missing a patch required by a security advisory. last seen 2020-06-01 modified 2020-06-02 plugin id 78211 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78211 title F5 Networks BIG-IP : pam_ldap vulnerability (SOL6634) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_38C76FCF174411DA978E0001020EED82.NASL description Luke Howard reports : If a pam_ldap client authenticates against an LDAP server that returns a passwordPolicyResponse control, but omits the optional last seen 2020-06-01 modified 2020-06-02 plugin id 21413 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21413 title FreeBSD : pam_ldap -- authentication bypass vulnerability (38c76fcf-1744-11da-978e-0001020eed82) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-767.NASL description Updated openldap and nss_ldap packages that correct a potential password disclosure issue and possible authentication vulnerability are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The nss_ldap module is an extension for use with GNU libc which allows applications to, without internal modification, consult a directory service using LDAP to supplement information that would be read from local files such as /etc/passwd, /etc/group, and /etc/shadow. A bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP servers. If a client connection is referred to a different server, it is possible that the referred connection will not be encrypted even if the client has last seen 2020-06-01 modified 2020-06-02 plugin id 20046 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20046 title RHEL 4 : openldap and nss_ldap (RHSA-2005:767) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL5725.NASL description The remote BIG-IP device is missing a patch required by a security advisory. last seen 2020-06-01 modified 2020-06-02 plugin id 78207 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78207 title F5 Networks BIG-IP : pam_ldap password policy control vulnerability (SOL5725) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200508-22.NASL description The remote host is affected by the vulnerability described in GLSA-200508-22 (pam_ldap: Authentication bypass vulnerability) When a pam_ldap client attempts to authenticate against an LDAP server that omits the optional error value from the PasswordPolicyResponseValue, the authentication attempt will always succeed. Impact : A remote attacker may exploit this vulnerability to bypass the LDAP authentication mechanism, gaining access to the system possibly with elevated privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19575 published 2005-09-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19575 title GLSA-200508-22 : pam_ldap: Authentication bypass vulnerability NASL family Debian Local Security Checks NASL id DEBIAN_DSA-785.NASL description It has been discovered that libpam-ldap, the Pluggable Authentication Module allowing LDAP interfaces, ignores the result of an attempt to authenticate against an LDAP server that does not set an optional data field. last seen 2020-06-01 modified 2020-06-02 plugin id 19528 published 2005-08-30 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19528 title Debian DSA-785-1 : libpam-ldap - authentication bypass NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-767.NASL description Updated openldap and nss_ldap packages that correct a potential password disclosure issue and possible authentication vulnerability are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The nss_ldap module is an extension for use with GNU libc which allows applications to, without internal modification, consult a directory service using LDAP to supplement information that would be read from local files such as /etc/passwd, /etc/group, and /etc/shadow. A bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP servers. If a client connection is referred to a different server, it is possible that the referred connection will not be encrypted even if the client has last seen 2020-06-01 modified 2020-06-02 plugin id 21961 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21961 title CentOS 4 : openldap / nss_ldap (CESA-2005:767) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-190.NASL description A bug was found in the way the pam_ldap module processed certain failure messages. If the server includes supplemental data in an authentication failure result message, but the data does not include any specific error code, the pam_ldap module would proceed as if the authentication request had succeeded, and authentication would succeed. This affects versions 169 through 179 of pam_ldap. The updated packages have been patched to address this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 20120 published 2005-11-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20120 title Mandrake Linux Security Advisory : nss_ldap (MDKSA-2005:190)
Oval
| accepted | 2013-04-29T04:05:04.666-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:10370 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate. | ||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://secunia.com/advisories/17233
- http://secunia.com/advisories/17270
- http://www.kb.cert.org/vuls/id/778916
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:190
- http://www.redhat.com/support/errata/RHSA-2005-767.html
- http://www.securityfocus.com/archive/1/447859/100/200/threaded
- http://www.securityfocus.com/bid/14649
- https://issues.rpath.com/browse/RPL-680
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10370
- https://www.redhat.com/archives/fedora-test-list/2005-August/msg00170.html