drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in nss_ldap
Name: |
Preisgabe von Informationen in nss_ldap |
|
ID: |
TLSA-2005-86 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal |
|
Datum: |
Sa, 3. September 2005, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069 |
|
Applikationen: |
nss_ldap |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2005-86 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 29 Aug 2005 Last revised: 29 Aug 2005
Package: nss_ldap
Summary: Password leak
More information: The nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS). The pam_ldap and nss_ldap would not use TLS for referred connections if they are referred to a master after connecting to a slave.
Impact: The pam_ldap and nss_ldap may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Affected Products: - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation
Solution: Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal] # turbopkg or # zabom -u nss_ldap
[other] # turbopkg or # zabom update nss_ldap ---------------------------------------------
<Turbolinux 10 Server>
Source Packages Size: MD5
nss_ldap-209-2.src.rpm 226968 c85c3be40324b73654a0ed2eb3d7533c
Binary Packages Size: MD5
nss_ldap-209-2.i586.rpm 77229 e1f5ffc41a49b077adeb9bc2b3b72a34
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages Size: MD5
nss_ldap-209-2.src.rpm 226968 4e4213a6741b85eb547d524956cad20c
Binary Packages Size: MD5
nss_ldap-209-2.i586.rpm 77071 06287205b2d06c7551c56e91ef4748d2
<Turbolinux 8 Server>
Source Packages Size: MD5
nss_ldap-202-3.src.rpm 199582 fc26c54ff2558cd93532bf2c59b653d2
Binary Packages Size: MD5
nss_ldap-202-3.i586.rpm 79356 56bc1beb223b5d7b1bae6d26ad0d92fe
<Turbolinux 8 Workstation>
Source Packages Size: MD5
nss_ldap-202-3.src.rpm 199582 582b891468b11143d1cc9e4c95e5d81e
Binary Packages Size: MD5
nss_ldap-202-3.i586.rpm 79366 1375db1b32581d21850d3f3970b67e14
<Turbolinux 7 Server>
Source Packages Size: MD5
nss_ldap-202-3.src.rpm 199582 59ed7aa5913cf47bd810b8e8adc308f2
Binary Packages Size: MD5
nss_ldap-202-3.i586.rpm 78955 3a4d36320552b164880999760532d197
<Turbolinux 7 Workstation>
Source Packages Size: MD5
nss_ldap-202-3.src.rpm 199582 614d011a344583f6f1c9d20ea4b5eb01
Binary Packages Size: MD5
nss_ldap-202-3.i586.rpm 79024 f9e45874b4b02185bd362bece4ecec54
References:
CVE [CAN-2005-2069] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
-------------------------------------------------------------------------- Revision History 29 Aug 2005 Initial release --------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDEptgK0LzjOqIJMwRAgvtAKCYuQHofYL1XHGglGTr4HSaPw0+QwCfXva3 dyYrJo0Cw+B72fI8csTAgeg= =AODL -----END PGP SIGNATURE-----
|
|
|
|