Thursday Jan 17, 2008

pam_ldap and nss_ldap Plain text authentication leak

GLSA 200507-13
1. Gentoo Linux Security Advisory
Version Information

Advisory Reference: GLSA 200507-13 / pam_ldap nss_ldap
Release Date:       July 14, 2005
Latest Revision:    July 14, 2005: 01
Impact:             normal
Exploitable:        remote

Package            Vulnerable versions   Unaffected versions   Architecture(s)
sys-auth/nss_ldap  < 239-r1              >= 239-r1, 226-r1     All supported architectures
sys-auth/pam_ldap  < 178-r1              >= 178-r1             All supported architectures

Related bugreports: #96767

Synopsis

pam_ldap and nss_ldap fail to restart TLS when following a referral, possibly leading to credentials being sent in plain text.

2. Impact Information

Background

pam_ldap is a Pluggable Authentication Module which allows authentication against an LDAP directory. nss_ldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. TLS is Transport Layer Security, a protocol that allows encryption of network communications.

Description

Rob Holland of the Gentoo Security Audit Team discovered that pam_ldap and nss_ldap fail to use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the "ssl start_tls" ldap.conf setting.

Impact

An attacker could sniff passwords or other sensitive information as the communication is not encrypted.

3. Resolution Information

Workaround

pam_ldap and nss_ldap can be configured to use SSL (an LDAPS connection, encrypted from the start) instead of TLS negotiated with start_tls, so that no referral is followed over an unencrypted connection.
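To check whether a host's pam_ldap/nss_ldap configuration still relies on start_tls (the mode affected by the referral problem described above) or already carries the SSL workaround, here is a small checker added for this page; it is not code from the advisory or from the pam_ldap/nss_ldap projects. The two configurations and the host names in them are constructed samples, and treating a `uri ldaps://` line as SSL is an assumption of this checker, not something the advisory states.

```python
"""Classify the transport mode in a pam_ldap/nss_ldap ldap.conf with respect to
GLSA 200507-13 (TLS not re-negotiated when a referral is followed)."""

# Constructed sample configurations; the host names are placeholders.
VULNERABLE_CONF = """
host ldap-slave.example.internal   # slave that may refer writes to the master
base dc=example,dc=internal
ssl start_tls                      # affected mode per GLSA 200507-13
"""

WORKAROUND_CONF = """
uri ldaps://ldap-slave.example.internal/
base dc=example,dc=internal
ssl on                             # SSL from the first byte: the advisory's workaround
"""


def parse_ldap_conf(text):
    """Return {directive: value} for the active lines of an ldap.conf.

    Directive and value are separated by whitespace; '#' starts a comment.
    Directives are lower-cased; a repeated directive keeps its last value.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def assess(conf):
    """Return 'starttls' (exposed: credentials may cross a referral connection in
    clear), 'ssl' (workaround in place), or 'plain' (no encryption configured)."""
    ssl_mode = conf.get("ssl", "off").lower()
    uri = conf.get("uri", "").lower()
    if ssl_mode == "start_tls":
        return "starttls"
    # Assumption: an ldaps:// URI is counted as SSL even without 'ssl on'.
    if ssl_mode in ("on", "yes") or uri.startswith("ldaps://"):
        return "ssl"
    return "plain"


if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_CONF), ("workaround", WORKAROUND_CONF)):
        print(f"{name}: {assess(parse_ldap_conf(text))}")
```

Run it against a real /etc/ldap.conf by reading the file into `parse_ldap_conf`; a result of `starttls` on a version listed as vulnerable above means the upgrade or the SSL workaround is still outstanding.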

Resolution

All pam_ldap users should upgrade to the latest version:

Code Listing 3.1

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-178-r1"

All nss_ldap users should upgrade to the latest version:

Code Listing 3.2

# emerge --sync
# emerge --ask --oneshot --verbose sys-auth/nss_ldap

4. References

CAN-2005-2069: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
Original advisory: http://www.gentoo.org/security/en/glsa/glsa-200507-13.xml