drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in libpam-ldap
Name: |
Mangelnde Rechteprüfung in libpam-ldap |
|
ID: |
DSA-1203-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sarge |
|
Datum: |
Do, 2. November 2006, 19:57 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170 |
|
Applikationen: |
pam_ldap |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- -------------------------------------------------------------------------- Debian Security Advisory DSA 1203-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 2nd, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------
Package : libpam-ldap Vulnerability : programming error Problem-Type : remote Debian-specific: no CVE ID : CVE-2006-5170 Debian Bug : 392984
Steve Rigler discovered that the PAM module for authentication against LDAP servers processes PasswordPolicyReponse control messages incorrectly, which might lead to an attacker being able to login into a suspended system account.
For the stable distribution (sarge) this problem has been fixed in version 178-1sarge3. Due to technical problems with the security buildd infrastructure this update lacks a build for the Sun Sparc architecture. It will be released as soon as the problems are resolved.
For the unstable distribution (sid) this problem has been fixed in version 180-1.2.
We recommend that you upgrade your libpam-ldap package.
Upgrade Instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge - --------------------------------
Source archives:
libpam-ldap_178-1sarge3.dsc Size/MD5 checksum: 672 70ea2f0c5b12d5feebd5ffefcc5f1900 libpam-ldap_178-1sarge3.diff.gz Size/MD5 checksum: 19895 1ad6af601dbe8caf066477759f5eb83f libpam-ldap_178.orig.tar.gz Size/MD5 checksum: 127074 222186c498d24a7035e8a7494fc0797d
Alpha architecture:
libpam-ldap_178-1sarge3_alpha.deb Size/MD5 checksum: 59374 94464d923e7eb3b1b88a721a9782b210
AMD64 architecture:
libpam-ldap_178-1sarge3_amd64.deb Size/MD5 checksum: 57138 a631c72b776e575907e14f60a71ff0b4
ARM architecture:
libpam-ldap_178-1sarge3_arm.deb Size/MD5 checksum: 55960 d6a73da11f36c51bf85a0886bbe96832
HP Precision architecture:
libpam-ldap_178-1sarge3_hppa.deb Size/MD5 checksum: 60088 830364405f19bc2f31ad49ca9d668fce
Intel IA-32 architecture:
libpam-ldap_178-1sarge3_i386.deb Size/MD5 checksum: 58096 fa704c2fb6dfa9607921ca189390ab71
Intel IA-64 architecture:
libpam-ldap_178-1sarge3_ia64.deb Size/MD5 checksum: 65134 597ef7f32ab801ef56abdce72db508e0
Motorola 680x0 architecture:
libpam-ldap_178-1sarge3_m68k.deb Size/MD5 checksum: 56108 5d28ec4ad76bcde81b667d1b8ee7d05d
Big endian MIPS architecture:
libpam-ldap_178-1sarge3_mips.deb Size/MD5 checksum: 56466 a1934c07b2c2e868b79bbbbd23642431
Little endian MIPS architecture:
libpam-ldap_178-1sarge3_mipsel.deb Size/MD5 checksum: 56380 4c7bb457e02e385103d0d06a10bdd63d
PowerPC architecture:
libpam-ldap_178-1sarge3_powerpc.deb Size/MD5 checksum: 57342 932c9f2ba28624402ec73b33bf440c1b
IBM S/390 architecture:
libpam-ldap_178-1sarge3_s390.deb Size/MD5 checksum: 57466 8555d1c9062803e73d5ee77245bb0aee
These files will probably be moved into the stable distribution on its next update.
- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFSj43Xm3vHE4uyloRAtr+AJ9QjUcxlJAzkB1Sw7GPcgjHFvLS4gCg1HPe LIzg/sS19K5dQ+NtXBoJG4k= =DHcQ -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|