drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in pam_ldap
| Name: |
Preisgabe von Informationen in pam_ldap |
|
| ID: |
TLSA-2005-87 |
|
| Distribution: |
TurboLinux |
|
| Plattformen: |
Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
|
| Datum: |
Sa, 3. September 2005, 03:50 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069 |
|
| Applikationen: |
pam_ldap |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-87
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 29 Aug 2005
Last revised: 29 Aug 2005
Package: pam_ldap
Summary: Password leak
More information:
This is pam_ldap, a pluggable authentication module that can be used with
linux-PAM. This module supports password changes, V2 clients, Netscapes
SSL,
ypldapd, Netscape Directory Server password policies, access authorization,
crypted hashes, etc.
The pam_ldap and nss_ldap would not use TLS for referred connections
if they are referred to a master after connecting to a slave.
Impact:
The pam_ldap and nss_ldap may cause a password to be sent in cleartext and
allows remote attackers to sniff the password.
Affected Products:
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal]
# turbopkg
or
# zabom -u pam_ldap
[other]
# turbopkg
or
# zabom update pam_ldap
---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages
Size: MD5
pam_ldap-148-3.src.rpm
112233 abefe3aa030974e314fc2a5964aea280
Binary Packages
Size: MD5
pam_ldap-148-3.i586.rpm
70375 27c29cf18c9664a09155a7d1ad1c961b
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages
Size: MD5
pam_ldap-148-3.src.rpm
112233 3c252cd236b65afa3d2c0a9a8cc669a2
Binary Packages
Size: MD5
pam_ldap-148-3.i586.rpm
70583 4615d1d3d8a3b6b84efd0947961d27a3
<Turbolinux 10 Server>
Source Packages
Size: MD5
pam_ldap-164-2.src.rpm
126714 4efdce26c7e639b49e0287da1ff3037c
Binary Packages
Size: MD5
pam_ldap-164-2.i586.rpm
46618 bd81fd78bd2305e26a71efd1123feaed
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>
Source Packages
Size: MD5
pam_ldap-164-2.src.rpm
126714 5409b321eceb3612e881b0eafc4851f9
Binary Packages
Size: MD5
pam_ldap-164-2.i586.rpm
46766 a3c4b3bbab2d7290d2bc261f9c0698c4
<Turbolinux 8 Server>
Source Packages
Size: MD5
pam_ldap-148-3.src.rpm
112233 b14f45cf7f7984508e8701e421e9cddc
Binary Packages
Size: MD5
pam_ldap-148-3.i586.rpm
70546 7b5f75094e2fe3a23eb6f3adf9360e3e
<Turbolinux 8 Workstation>
Source Packages
Size: MD5
pam_ldap-148-3.src.rpm
112233 bc22f3981e361c678c94d8a1a7267265
Binary Packages
Size: MD5
pam_ldap-148-3.i586.rpm
70479 13ff9d979ce83fbb5e184fdd47c82f19
<Turbolinux 7 Server>
Source Packages
Size: MD5
pam_ldap-148-3.src.rpm
112233 a0bf03f447c276c1f97b86b866481d05
Binary Packages
Size: MD5
pam_ldap-148-3.i586.rpm
68845 9090da288e7065668fc2a80c20ee0cb4
<Turbolinux 7 Workstation>
Source Packages
Size: MD5
pam_ldap-148-3.src.rpm
112233 b228193e8a1fc9d7f634e9b126b8211c
Binary Packages
Size: MD5
pam_ldap-148-3.i586.rpm
68821 9173b4b8d339f6e8bf052de1b9e105a0
References:
CVE
[CAN-2005-2069]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
--------------------------------------------------------------------------
Revision History
29 Aug 2005 Initial release
--------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDEptmK0LzjOqIJMwRAuklAJ4scKXcvC0PPVZSaFlVKcE3tp4U+wCeINDc
ImW0VlWBo656jc488UpVbEg=
=GGL1
-----END PGP SIGNATURE-----
|
|
|
|
