Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in nss_ldap
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in nss_ldap
ID: TLSA-2005-86
Distribution: TurboLinux
Plattformen: Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
Datum: Sa, 3. September 2005, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069
Applikationen: nss_ldap

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-86
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 29 Aug 2005
Last revised: 29 Aug 2005

Package: nss_ldap

Summary: Password leak

More information:
The nss_ldap is a set of C library extensions which allows X.500 and LDAP
directory servers to be used as a primary source of aliases, ethers,
groups, hosts, networks, protocol, users, RPCs, services and shadow
passwords (instead of or in addition to using flat files or NIS).
The pam_ldap and nss_ldap would not use TLS for referred connections
if they are referred to a master after connecting to a slave.

Impact:
The pam_ldap and nss_ldap may cause a password to be sent in cleartext and
allows remote attackers to sniff the password.

Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation

Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal]
# turbopkg
or
# zabom -u nss_ldap

[other]
# turbopkg
or
# zabom update nss_ldap
---------------------------------------------


<Turbolinux 10 Server>

Source Packages
Size: MD5

nss_ldap-209-2.src.rpm
226968 c85c3be40324b73654a0ed2eb3d7533c

Binary Packages
Size: MD5

nss_ldap-209-2.i586.rpm
77229 e1f5ffc41a49b077adeb9bc2b3b72a34

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

nss_ldap-209-2.src.rpm
226968 4e4213a6741b85eb547d524956cad20c

Binary Packages
Size: MD5

nss_ldap-209-2.i586.rpm
77071 06287205b2d06c7551c56e91ef4748d2

<Turbolinux 8 Server>

Source Packages
Size: MD5

nss_ldap-202-3.src.rpm
199582 fc26c54ff2558cd93532bf2c59b653d2

Binary Packages
Size: MD5

nss_ldap-202-3.i586.rpm
79356 56bc1beb223b5d7b1bae6d26ad0d92fe

<Turbolinux 8 Workstation>

Source Packages
Size: MD5

nss_ldap-202-3.src.rpm
199582 582b891468b11143d1cc9e4c95e5d81e

Binary Packages
Size: MD5

nss_ldap-202-3.i586.rpm
79366 1375db1b32581d21850d3f3970b67e14

<Turbolinux 7 Server>

Source Packages
Size: MD5

nss_ldap-202-3.src.rpm
199582 59ed7aa5913cf47bd810b8e8adc308f2

Binary Packages
Size: MD5

nss_ldap-202-3.i586.rpm
78955 3a4d36320552b164880999760532d197

<Turbolinux 7 Workstation>

Source Packages
Size: MD5

nss_ldap-202-3.src.rpm
199582 614d011a344583f6f1c9d20ea4b5eb01

Binary Packages
Size: MD5

nss_ldap-202-3.i586.rpm
79024 f9e45874b4b02185bd362bece4ecec54


References:

CVE
[CAN-2005-2069]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069

--------------------------------------------------------------------------
Revision History
29 Aug 2005 Initial release
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDEptgK0LzjOqIJMwRAgvtAKCYuQHofYL1XHGglGTr4HSaPw0+QwCfXva3
dyYrJo0Cw+B72fI8csTAgeg=
=AODL
-----END PGP SIGNATURE-----
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung