Gentoo Bug 103659 - sys-auth/pam_ldap authentication bypass vulnerability (CAN-2005-2641)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	103659
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 103659 depends on:			Show dependency tree Show dependency graph
Bug 103659 blocks:			Show dependency tree Show dependency graph

Additional Comments: (this is where you put emerge --info)

Add to CC list

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-08-24 21:57 0000

Unknown vulnerability in pam_ldap before 180 does not properly handle a new 
password policy control, which could allow attackers to gain privileges.

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-08-24 21:59:11 0000 -------

PAM herd please verify and bump as needed.

------- Comment #2 From Robin Johnson 2005-08-24 23:08:38 0000 -------

in cvs.

------- Comment #3 From Michael Hanselmann (hansmi) (RETIRED) 2005-08-25 01:12:07 0000 -------

Stable on hppa and ppc. Works on x86 for me, too.

------- Comment #4 From Gustavo Zacarias (RETIRED) 2005-08-25 07:10:59 0000 -------

sparc stable.

------- Comment #5 From Simon Stelling (RETIRED) 2005-08-28 05:12:06 0000 -------

amd64 stable. removing x86 from cc since it seems that it's already marked
stable

------- Comment #6 From Thierry Carrez (RETIRED) 2005-08-28 09:45:07 0000 -------

Ready for GLSA vote. I tend to vote YES.

------- Comment #7 From Stefan Cornelius (RETIRED) 2005-08-28 10:22:47 0000 -------

/me says yes, too

------- Comment #8 From Thierry Carrez (RETIRED) 2005-08-29 07:50:26 0000 -------

Make mine a full yes. GLSA needed

------- Comment #9 From Sune Kloppenborg Jeppesen 2005-08-31 09:10:48 0000 -------

GLSA 200508-22

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 103659

sys-auth/pam_ldap authentication bypass vulnerability (CAN-2005-2641)

Last modified: 2005-08-31 09:10:48 0000