Bug 103659

Summary:	sys-auth/pam_ldap authentication bypass vulnerability (CAN-2005-2641)
Product:	Gentoo Security	Reporter:	Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	pam-bugs+disabled, rockoo
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.kb.cert.org/vuls/id/778916
Whiteboard:	B3? [glsa] jaervosz
Package list:		Runtime testing required:	---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-08-24 21:57:59 UTC

Unknown vulnerability in pam_ldap before 180 does not properly handle a new 
password policy control, which could allow attackers to gain privileges.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-08-24 21:59:11 UTC

PAM herd please verify and bump as needed.

Comment 2 Robin Johnson archtester

2005-08-24 23:08:38 UTC

in cvs.

Comment 3 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-08-25 01:12:07 UTC

Stable on hppa and ppc. Works on x86 for me, too.

Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev

2005-08-25 07:10:59 UTC

sparc stable.

Comment 5 Simon Stelling (RETIRED) gentoo-dev

2005-08-28 05:12:06 UTC

amd64 stable. removing x86 from cc since it seems that it's already marked stable

Comment 6 Thierry Carrez (RETIRED) gentoo-dev

2005-08-28 09:45:07 UTC

Ready for GLSA vote. I tend to vote YES.

Comment 7 Stefan Cornelius (RETIRED) gentoo-dev

2005-08-28 10:22:47 UTC

/me says yes, too

Comment 8 Thierry Carrez (RETIRED) gentoo-dev

2005-08-29 07:50:26 UTC

Make mine a full yes. GLSA needed

Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-08-31 09:10:48 UTC

GLSA 200508-22