PADL Software Pam_Ldap PasswordPolicyResponse Authentication Bypass Vulnerability
BID:20880
Info
PADL Software Pam_Ldap PasswordPolicyResponse Authentication Bypass Vulnerability
| Bugtraq ID: | 20880 |
| Class: | Design Error |
| CVE: |
CVE-2006-5170 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 02 2006 12:00AM |
| Updated: | Jan 17 2007 07:20PM |
| Credit: | Steve Rigler is credited with the discovery of this vulnerability. |
| Vulnerable: |
Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Operating System Enterprise Server 2.0 SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 7 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 10 S.u.S.E. cvsup-16.1h-36.i586.rpm rPath rPath Linux 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Desktop 4.0 Red Hat Fedora Core6 Red Hat Fedora Core5 Red Hat Fedora Core4 Red Hat Fedora Core3 Red Hat Enterprise Linux AS 4 Padl Software pam_ldap Build 180 Padl Software pam_ldap Build 179 Padl Software pam_ldap Build 178 Padl Software pam_ldap Build 169 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Gentoo sys-auth/pam_ldap 183 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
PADL Software Pam_Ldap PasswordPolicyResponse Authentication Bypass Vulnerability
The pam_ldap module is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass authentication. This occurs in applications using pam_ldap authentication for locked-out accounts.
The pam_ldap module is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass authentication. This occurs in applications using pam_ldap authentication for locked-out accounts.
Exploit / POC
PADL Software Pam_Ldap PasswordPolicyResponse Authentication Bypass Vulnerability
To exploit this issue, an attacker requires access to a vulnerable application This may be through a web client or, depending on the affected application, may require local interactive access.
To exploit this issue, an attacker requires access to a vulnerable application This may be through a web client or, depending on the affected application, may require local interactive access.
Solution / Fix
PADL Software Pam_Ldap PasswordPolicyResponse Authentication Bypass Vulnerability
Solution:
Please see the referenced advisories for more information.
Padl Software pam_ldap Build 178
Trustix Secure Linux 2.2
Trustix Secure Linux 3.0
Solution:
Please see the referenced advisories for more information.
Padl Software pam_ldap Build 178
-
Debian libpam-ldap_178-1sarge3_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_alpha.deb -
Debian libpam-ldap_178-1sarge3_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_amd64.deb -
Debian libpam-ldap_178-1sarge3_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_arm.deb -
Debian libpam-ldap_178-1sarge3_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_hppa.deb -
Debian libpam-ldap_178-1sarge3_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_i386.deb -
Debian libpam-ldap_178-1sarge3_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_ia64.deb -
Debian libpam-ldap_178-1sarge3_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_m68k.deb -
Debian libpam-ldap_178-1sarge3_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_mips.deb -
Debian libpam-ldap_178-1sarge3_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_mipsel.deb -
Debian libpam-ldap_178-1sarge3_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_powerpc.deb -
Debian libpam-ldap_178-1sarge3_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_s390.deb
Trustix Secure Linux 2.2
-
Trustix ldapclients-common-183-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix pam_ldap-183-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-cli-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-curl-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-devel-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-exif-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-fcgi-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-gd-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-imap-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-ldap-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-mcrypt-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-mhash-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-mysql-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-openssl-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-pdo-mysql-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-pdo-sqlite-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-pgsql-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-sqlite-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-zlib-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix Secure Linux 3.0
-
Trustix ldapclients-common-183-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix mutt-1.4.2.1-10tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix pam_ldap-183-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-calendar-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-cli-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-curl-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-dba-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-devel-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-exif-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-fcgi-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-gd-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-imap-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-imap-5.2.0-1tr.i586.rpmphp-imap-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-ldap-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-mcrypt-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-mhash-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-mysql-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-mysqli-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-openssl-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-pdo-mysql-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-pdo-sqlite-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-pgsql-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-pspell-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-snmp-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-sqlite-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-xslt-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix php-zlib-5.2.0-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates
References
PADL Software Pam_Ldap PasswordPolicyResponse Authentication Bypass Vulnerability
References:
References:
- Bugzilla Bug 207286: CVE-2006-5170 When using LDAP for authentication, xscreensa (Steve Rigler)
- pam_ldap Product Page (Padl Software)