Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 103659 - sys-auth/pam_ldap authentication bypass vulnerability (CAN-2005-2641)
Summary: sys-auth/pam_ldap authentication bypass vulnerability (CAN-2005-2641)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B3? [glsa] jaervosz
Depends on:
Reported: 2005-08-24 21:57 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-08-31 09:10 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-24 21:57:59 UTC
Unknown vulnerability in pam_ldap before 180 does not properly handle a new 
password policy control, which could allow attackers to gain privileges.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-24 21:59:11 UTC
PAM herd please verify and bump as needed. 
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-08-24 23:08:38 UTC
in cvs.
Comment 3 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-25 01:12:07 UTC
Stable on hppa and ppc. Works on x86 for me, too.
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2005-08-25 07:10:59 UTC
sparc stable.
Comment 5 Simon Stelling (RETIRED) gentoo-dev 2005-08-28 05:12:06 UTC
amd64 stable. removing x86 from cc since it seems that it's already marked stable
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-08-28 09:45:07 UTC
Ready for GLSA vote. I tend to vote YES.
Comment 7 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-28 10:22:47 UTC
/me says yes, too
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2005-08-29 07:50:26 UTC
Make mine a full yes. GLSA needed
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-31 09:10:48 UTC
GLSA 200508-22