drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in pam_ldap
Name: |
Preisgabe von Informationen in pam_ldap |
|
ID: |
TLSA-2005-87 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
|
Datum: |
Sa, 3. September 2005, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069 |
|
Applikationen: |
pam_ldap |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2005-87 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 29 Aug 2005 Last revised: 29 Aug 2005
Package: pam_ldap
Summary: Password leak
More information: This is pam_ldap, a pluggable authentication module that can be used with linux-PAM. This module supports password changes, V2 clients, Netscapes SSL, ypldapd, Netscape Directory Server password policies, access authorization, crypted hashes, etc. The pam_ldap and nss_ldap would not use TLS for referred connections if they are referred to a master after connecting to a slave.
Impact: The pam_ldap and nss_ldap may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Affected Products: - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation
Solution: Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal] # turbopkg or # zabom -u pam_ldap
[other] # turbopkg or # zabom update pam_ldap ---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages Size: MD5
pam_ldap-148-3.src.rpm 112233 abefe3aa030974e314fc2a5964aea280
Binary Packages Size: MD5
pam_ldap-148-3.i586.rpm 70375 27c29cf18c9664a09155a7d1ad1c961b
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages Size: MD5
pam_ldap-148-3.src.rpm 112233 3c252cd236b65afa3d2c0a9a8cc669a2
Binary Packages Size: MD5
pam_ldap-148-3.i586.rpm 70583 4615d1d3d8a3b6b84efd0947961d27a3
<Turbolinux 10 Server>
Source Packages Size: MD5
pam_ldap-164-2.src.rpm 126714 4efdce26c7e639b49e0287da1ff3037c
Binary Packages Size: MD5
pam_ldap-164-2.i586.rpm 46618 bd81fd78bd2305e26a71efd1123feaed
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages Size: MD5
pam_ldap-164-2.src.rpm 126714 5409b321eceb3612e881b0eafc4851f9
Binary Packages Size: MD5
pam_ldap-164-2.i586.rpm 46766 a3c4b3bbab2d7290d2bc261f9c0698c4
<Turbolinux 8 Server>
Source Packages Size: MD5
pam_ldap-148-3.src.rpm 112233 b14f45cf7f7984508e8701e421e9cddc
Binary Packages Size: MD5
pam_ldap-148-3.i586.rpm 70546 7b5f75094e2fe3a23eb6f3adf9360e3e
<Turbolinux 8 Workstation>
Source Packages Size: MD5
pam_ldap-148-3.src.rpm 112233 bc22f3981e361c678c94d8a1a7267265
Binary Packages Size: MD5
pam_ldap-148-3.i586.rpm 70479 13ff9d979ce83fbb5e184fdd47c82f19
<Turbolinux 7 Server>
Source Packages Size: MD5
pam_ldap-148-3.src.rpm 112233 a0bf03f447c276c1f97b86b866481d05
Binary Packages Size: MD5
pam_ldap-148-3.i586.rpm 68845 9090da288e7065668fc2a80c20ee0cb4
<Turbolinux 7 Workstation>
Source Packages Size: MD5
pam_ldap-148-3.src.rpm 112233 b228193e8a1fc9d7f634e9b126b8211c
Binary Packages Size: MD5
pam_ldap-148-3.i586.rpm 68821 9173b4b8d339f6e8bf052de1b9e105a0
References:
CVE [CAN-2005-2069] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
-------------------------------------------------------------------------- Revision History 29 Aug 2005 Initial release --------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDEptmK0LzjOqIJMwRAuklAJ4scKXcvC0PPVZSaFlVKcE3tp4U+wCeINDc ImW0VlWBo656jc488UpVbEg= =GGL1 -----END PGP SIGNATURE-----
|
|
|
|