drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in nss_ldap
| Name: |
Preisgabe von Informationen in nss_ldap |
|
| ID: |
TLSA-2005-86 |
|
| Distribution: |
TurboLinux |
|
| Plattformen: |
Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal |
|
| Datum: |
Sa, 3. September 2005, 03:50 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069 |
|
| Applikationen: |
nss_ldap |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-86
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 29 Aug 2005
Last revised: 29 Aug 2005
Package: nss_ldap
Summary: Password leak
More information:
The nss_ldap is a set of C library extensions which allows X.500 and LDAP
directory servers to be used as a primary source of aliases, ethers,
groups, hosts, networks, protocol, users, RPCs, services and shadow
passwords (instead of or in addition to using flat files or NIS).
The pam_ldap and nss_ldap would not use TLS for referred connections
if they are referred to a master after connecting to a slave.
Impact:
The pam_ldap and nss_ldap may cause a password to be sent in cleartext and
allows remote attackers to sniff the password.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal]
# turbopkg
or
# zabom -u nss_ldap
[other]
# turbopkg
or
# zabom update nss_ldap
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size: MD5
nss_ldap-209-2.src.rpm
226968 c85c3be40324b73654a0ed2eb3d7533c
Binary Packages
Size: MD5
nss_ldap-209-2.i586.rpm
77229 e1f5ffc41a49b077adeb9bc2b3b72a34
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>
Source Packages
Size: MD5
nss_ldap-209-2.src.rpm
226968 4e4213a6741b85eb547d524956cad20c
Binary Packages
Size: MD5
nss_ldap-209-2.i586.rpm
77071 06287205b2d06c7551c56e91ef4748d2
<Turbolinux 8 Server>
Source Packages
Size: MD5
nss_ldap-202-3.src.rpm
199582 fc26c54ff2558cd93532bf2c59b653d2
Binary Packages
Size: MD5
nss_ldap-202-3.i586.rpm
79356 56bc1beb223b5d7b1bae6d26ad0d92fe
<Turbolinux 8 Workstation>
Source Packages
Size: MD5
nss_ldap-202-3.src.rpm
199582 582b891468b11143d1cc9e4c95e5d81e
Binary Packages
Size: MD5
nss_ldap-202-3.i586.rpm
79366 1375db1b32581d21850d3f3970b67e14
<Turbolinux 7 Server>
Source Packages
Size: MD5
nss_ldap-202-3.src.rpm
199582 59ed7aa5913cf47bd810b8e8adc308f2
Binary Packages
Size: MD5
nss_ldap-202-3.i586.rpm
78955 3a4d36320552b164880999760532d197
<Turbolinux 7 Workstation>
Source Packages
Size: MD5
nss_ldap-202-3.src.rpm
199582 614d011a344583f6f1c9d20ea4b5eb01
Binary Packages
Size: MD5
nss_ldap-202-3.i586.rpm
79024 f9e45874b4b02185bd362bece4ecec54
References:
CVE
[CAN-2005-2069]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
--------------------------------------------------------------------------
Revision History
29 Aug 2005 Initial release
--------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDEptgK0LzjOqIJMwRAgvtAKCYuQHofYL1XHGglGTr4HSaPw0+QwCfXva3
dyYrJo0Cw+B72fI8csTAgeg=
=AODL
-----END PGP SIGNATURE-----
|
|
|
|
