GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Thu Jul 14, 2005 10:17 am Post subject: [ GLSA 200507-13 ] pam_ldap and nss_ldap: Plain text authent |
|
|
Gentoo Linux Security Advisory
Title: pam_ldap and nss_ldap: Plain text authentication leak (GLSA 200507-13)
Severity: normal
Exploitable: remote
Date: July 14, 2005
Bug(s): #96767
ID: 200507-13
Synopsis
pam_ldap and nss_ldap fail to restart TLS when following a referral, possibly leading to credentials being sent in plain text.
Background
pam_ldap is a Pluggable Authentication Module which allows authentication against an LDAP directory. nss_ldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. TLS is Transport Layer Security, a protocol that allows encryption of network communications.
Affected Packages
Package: sys-auth/nss_ldap
Vulnerable: < 239-r1
Unaffected: >= 239-r1
Unaffected: >= 226-r1 < 226227
Architectures: All supported architectures
Package: sys-auth/pam_ldap
Vulnerable: < 178-r1
Unaffected: >= 178-r1
Architectures: All supported architectures
Description
Rob Holland of the Gentoo Security Audit Team discovered that pam_ldap and nss_ldap fail to use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the "ssl start_tls" ldap.conf setting.
Impact
An attacker could sniff passwords or other sensitive information as the communication is not encrypted.
Workaround
pam_ldap and nss_ldap can be set to force the use of SSL instead of TLS.
Resolution
All pam_ldap users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-178-r1" | All nss_ldap users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose sys-auth/nss_ldap |
References
CAN-2005-2069
Last edited by GLSA on Sun May 07, 2006 4:58 pm; edited 1 time in total |
|