Bug 103659 - sys-auth/pam_ldap authentication bypass vulnerability (CAN-2005-2641)
Bug#: 103659
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: minor
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL: http://www.kb.cert.org/vuls/id/778916
Summary: sys-auth/pam_ldap authentication bypass vulnerability (CAN-2005-2641)
Keywords:  
Status Whiteboard: B3? [glsa] jaervosz
Opened: 2005-08-24 21:57 0000
Description:
Unknown vulnerability in pam_ldap before 180 does not properly handle a new 
password policy control, which could allow attackers to gain privileges.

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-08-24 21:59:11 0000 -------
PAM herd please verify and bump as needed. 

------- Comment #2 From Robin Johnson 2005-08-24 23:08:38 0000 -------
in cvs.

------- Comment #3 From Michael Hanselmann (hansmi) (RETIRED) 2005-08-25 01:12:07 0000 -------
Stable on hppa and ppc. Works on x86 for me, too.

------- Comment #4 From Gustavo Zacarias (RETIRED) 2005-08-25 07:10:59 0000 -------
sparc stable.

------- Comment #5 From Simon Stelling (RETIRED) 2005-08-28 05:12:06 0000 -------
amd64 stable. removing x86 from cc since it seems that it's already marked
stable

------- Comment #6 From Thierry Carrez (RETIRED) 2005-08-28 09:45:07 0000 -------
Ready for GLSA vote. I tend to vote YES.

------- Comment #7 From Stefan Cornelius (RETIRED) 2005-08-28 10:22:47 0000 -------
/me says yes, too

------- Comment #8 From Thierry Carrez (RETIRED) 2005-08-29 07:50:26 0000 -------
Make mine a full yes. GLSA needed

------- Comment #9 From Sune Kloppenborg Jeppesen 2005-08-31 09:10:48 0000 -------
GLSA 200508-22