ID CVE-2005-2069 Type cve Reporter cve@mitre.org Modified 2020-11-16T19:30:00
Description
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
{"id": "CVE-2005-2069", "bulletinFamily": "NVD", "title": "CVE-2005-2069", "description": "pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.", "published": "2005-06-30T04:00:00", "modified": "2020-11-16T19:30:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2069", "reporter": "cve@mitre.org", "references": ["http://bugs.gentoo.org/show_bug.cgi?id=96767", "http://bugzilla.padl.com/show_bug.cgi?id=211", "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161990", "http://secunia.com/advisories/17233", "http://www.osvdb.org/17692", "http://www.redhat.com/support/errata/RHSA-2005-751.html", "http://secunia.com/advisories/21520", "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm", "http://www.redhat.com/support/errata/RHSA-2005-767.html", "http://www.ubuntu.com/usn/usn-152-1", "http://bugzilla.padl.com/show_bug.cgi?id=210", "http://www.gentoo.org/security/en/glsa/glsa-200507-13.xml", "http://secunia.com/advisories/17845", "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:121", "http://www.securityfocus.com/bid/14126", "http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0060.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/21245", "http://www.openldap.org/its/index.cgi/Incoming?id=3791", "http://www.securityfocus.com/bid/14125", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9445"], "cvelist": ["CVE-2005-2069"], "type": "cve", "lastseen": "2020-11-17T14:04:25", "edition": 4, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "ubuntu", "idList": ["USN-152-1"]}, {"type": "openvas", "idList": ["OPENVAS:54989", "OPENVAS:136141256231065152", "OPENVAS:65152", "OPENVAS:136141256231065601", "OPENVAS:65601"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2005-767.NASL", "UBUNTU_USN-152-1.NASL", "CENTOS_RHSA-2005-767.NASL", "REDHAT-RHSA-2005-751.NASL", "GENTOO_GLSA-200507-13.NASL", "DEBIAN_DSA-785.NASL", "MANDRAKE_MDKSA-2005-121.NASL", "CENTOS_RHSA-2005-751.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:17692"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:9181"]}, {"type": "gentoo", "idList": ["GLSA-200507-13"]}, {"type": "redhat", "idList": ["RHSA-2005:767", "RHSA-2005:751"]}, {"type": "centos", "idList": ["CESA-2005:767", "CESA-2005:751", "CESA-2005:751-01"]}], "modified": "2020-11-17T14:04:25", "rev": 2}, "score": {"value": 4.8, "vector": "NONE", "modified": "2020-11-17T14:04:25", "rev": 2}, "vulnersScore": 4.8}, "cpe": ["cpe:/a:padl:pam_ldap:-", "cpe:/a:padl:nss_ldap:-"], "affectedSoftware": [{"cpeName": "padl:pam_ldap", "name": "padl pam ldap", "operator": "eq", "version": "-"}, {"cpeName": "padl:nss_ldap", "name": "padl nss ldap", "operator": "eq", "version": "-"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:padl:pam_ldap:-:*:*:*:*:*:*:*", "cpe:2.3:a:padl:nss_ldap:-:*:*:*:*:*:*:*"], "cwe": ["CWE-319"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:padl:nss_ldap:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:padl:pam_ldap:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "affectedConfiguration": [{"cpeName": "openldap:openldap", "name": "openldap", "operator": "eq", "version": "*"}]}
{"openvas": [{"lastseen": "2018-04-06T11:37:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2069"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openldap2-client\n openldap2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016606 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065601", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065601", "type": "openvas", "title": "SLES9: Security update for openldap2-client,openldap2-devel", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016606.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for openldap2-client,openldap2-devel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openldap2-client\n openldap2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016606 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65601\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-2069\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for openldap2-client,openldap2-devel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openldap2-client\", rpm:\"openldap2-client~2.2.24~4.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2069"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n pam_ldap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015275 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065152", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065152", "type": "openvas", "title": "SLES9: Security update for pam_ldap", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5015275.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for pam_ldap\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n pam_ldap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015275 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65152\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-2069\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for pam_ldap\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"pam_ldap\", rpm:\"pam_ldap~169~28.4\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2069"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200507-13.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54989", "href": "http://plugins.openvas.org/nasl.php?oid=54989", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200507-13 (pam_ldap nss_ldap)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"pam_ldap and nss_ldap fail to restart TLS when following a referral,\npossibly leading to credentials being sent in plain text.\";\ntag_solution = \"All pam_ldap users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-auth/pam_ldap-178-r1'\n\nAll nss_ldap users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose sys-auth/nss_ldap\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200507-13\nhttp://bugs.gentoo.org/show_bug.cgi?id=96767\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200507-13.\";\n\n \n\nif(description)\n{\n script_id(54989);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(14126, 14125);\n script_cve_id(\"CVE-2005-2069\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200507-13 (pam_ldap nss_ldap)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"sys-auth/nss_ldap\", unaffected: make_list(\"ge 239-r1\", \"rge 226-r1\"), vulnerable: make_list(\"lt 239-r1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"sys-auth/pam_ldap\", unaffected: make_list(\"ge 178-r1\"), vulnerable: make_list(\"lt 178-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2069"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openldap2-client\n openldap2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016606 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65601", "href": "http://plugins.openvas.org/nasl.php?oid=65601", "type": "openvas", "title": "SLES9: Security update for openldap2-client,openldap2-devel", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016606.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for openldap2-client,openldap2-devel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openldap2-client\n openldap2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016606 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65601);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-2069\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for openldap2-client,openldap2-devel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openldap2-client\", rpm:\"openldap2-client~2.2.24~4.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2069"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n pam_ldap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015275 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65152", "href": "http://plugins.openvas.org/nasl.php?oid=65152", "type": "openvas", "title": "SLES9: Security update for pam_ldap", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5015275.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for pam_ldap\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n pam_ldap\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015275 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65152);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-2069\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for pam_ldap\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"pam_ldap\", rpm:\"pam_ldap~169~28.4\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2069"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.openldap.org/its/index.cgi/Incoming?id=3791\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-156.htm)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051003-01-U.asc)\n[Secunia Advisory ID:16161](https://secuniaresearch.flexerasoftware.com/advisories/16161/)\n[Secunia Advisory ID:15906](https://secuniaresearch.flexerasoftware.com/advisories/15906/)\n[Secunia Advisory ID:15920](https://secuniaresearch.flexerasoftware.com/advisories/15920/)\n[Secunia Advisory ID:16804](https://secuniaresearch.flexerasoftware.com/advisories/16804/)\n[Secunia Advisory ID:17233](https://secuniaresearch.flexerasoftware.com/advisories/17233/)\n[Secunia Advisory ID:17845](https://secuniaresearch.flexerasoftware.com/advisories/17845/)\n[Secunia Advisory ID:16076](https://secuniaresearch.flexerasoftware.com/advisories/16076/)\n[Secunia Advisory ID:16113](https://secuniaresearch.flexerasoftware.com/advisories/16113/)\n[Secunia Advisory ID:17335](https://secuniaresearch.flexerasoftware.com/advisories/17335/)\n[Secunia Advisory ID:21520](https://secuniaresearch.flexerasoftware.com/advisories/21520/)\nRedHat RHSA: RHSA-2005:767\nOther Advisory URL: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161990\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-152-1\nOther Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:121\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Sep/0004.html\nOther Advisory URL: http://www.trustix.org/errata/2005/0031/\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200507-13.xml\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0060.html\n[CVE-2005-2069](https://vulners.com/cve/CVE-2005-2069)\n", "modified": "2005-06-21T06:24:57", "published": "2005-06-21T06:24:57", "href": "https://vulners.com/osvdb/OSVDB:17692", "id": "OSVDB:17692", "title": "OpenLDAP / pam_ldap TLS Connection Cleartext Password Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:13", "bulletinFamily": "software", "cvelist": ["CVE-2005-2069"], "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200507-13\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: pam_ldap and nss_ldap: Plain text authentication leak\r\n Date: July 14, 2005\r\n Bugs: #96767\r\n ID: 200507-13\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\npam_ldap and nss_ldap fail to restart TLS when following a referral,\r\npossibly leading to credentials being sent in plain text.\r\n\r\nBackground\r\n==========\r\n\r\npam_ldap is a Pluggable Authentication Module which allows\r\nauthentication against an LDAP directory. nss_ldap is a Name Service\r\nSwitch module which allows 'passwd', 'group' and 'host' database\r\ninformation to be pulled from LDAP. TLS is Transport Layer Security, a\r\nprotocol that allows encryption of network communications.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 sys-auth/nss_ldap < 239-r1 >= 239-r1\r\n *>= 226-r1\r\n 2 sys-auth/pam_ldap < 178-r1 >= 178-r1\r\n -------------------------------------------------------------------\r\n 2 affected packages on all of their supported architectures.\r\n -------------------------------------------------------------------\r\n\r\nDescription\r\n===========\r\n\r\nRob Holland of the Gentoo Security Audit Team discovered that pam_ldap\r\nand nss_ldap fail to use TLS for referred connections if they are\r\nreferred to a master after connecting to a slave, regardless of the\r\n"ssl start_tls" ldap.conf setting.\r\n\r\nImpact\r\n======\r\n\r\nAn attacker could sniff passwords or other sensitive information as the\r\ncommunication is not encrypted.\r\n\r\nWorkaround\r\n==========\r\n\r\npam_ldap and nss_ldap can be set to force the use of SSL instead of\r\nTLS.\r\n\r\nResolution\r\n==========\r\n\r\nAll pam_ldap users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-178-r1"\r\n\r\nAll nss_ldap users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose sys-auth/nss_ldap\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CAN-2005-2069\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200507-13.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2005 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.0\r\n", "edition": 1, "modified": "2005-07-14T00:00:00", "published": "2005-07-14T00:00:00", "id": "SECURITYVULNS:DOC:9181", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9181", "title": "[Full-disclosure] [ GLSA 200507-13 ] pam_ldap and nss_ldap: Plain text authentication leak", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:12", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2069"], "description": "### Background\n\npam_ldap is a Pluggable Authentication Module which allows authentication against an LDAP directory. nss_ldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. TLS is Transport Layer Security, a protocol that allows encryption of network communications. \n\n### Description\n\nRob Holland of the Gentoo Security Audit Team discovered that pam_ldap and nss_ldap fail to use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the \"ssl start_tls\" ldap.conf setting. \n\n### Impact\n\nAn attacker could sniff passwords or other sensitive information as the communication is not encrypted. \n\n### Workaround\n\npam_ldap and nss_ldap can be set to force the use of SSL instead of TLS. \n\n### Resolution\n\nAll pam_ldap users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/pam_ldap-178-r1\"\n\nAll nss_ldap users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose sys-auth/nss_ldap", "edition": 1, "modified": "2005-07-14T00:00:00", "published": "2005-07-14T00:00:00", "id": "GLSA-200507-13", "href": "https://security.gentoo.org/glsa/200507-13", "type": "gentoo", "title": "pam_ldap and nss_ldap: Plain text authentication leak", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-01T06:38:06", "description": "Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and\nlibnss-ldap. When a client connected to a slave LDAP server using SSL,\nthe slave server did not use SSL as well when contacting the LDAP\nmaster server. This caused passwords and other confident information\nto be transmitted unencrypted between the slave and the master.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 : openldap2, libpam-ldap, libnss-ldap vulnerabilities (USN-152-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2069"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libldap2-dev", "p-cpe:/a:canonical:ubuntu_linux:ldap-utils", "p-cpe:/a:canonical:ubuntu_linux:libnss-ldap", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:slapd", "p-cpe:/a:canonical:ubuntu_linux:libldap2", "p-cpe:/a:canonical:ubuntu_linux:libslapd2-dev", "p-cpe:/a:canonical:ubuntu_linux:libpam-ldap"], "id": "UBUNTU_USN-152-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20553", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-152-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20553);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:33:00\");\n\n script_cve_id(\"CVE-2005-2069\");\n script_bugtraq_id(14125, 14126);\n script_xref(name:\"USN\", value:\"152-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : openldap2, libpam-ldap, libnss-ldap vulnerabilities (USN-152-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and\nlibnss-ldap. When a client connected to a slave LDAP server using SSL,\nthe slave server did not use SSL as well when contacting the LDAP\nmaster server. This caused passwords and other confident information\nto be transmitted unencrypted between the slave and the master.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ldap-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libldap2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libslapd2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:slapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ldap-utils\", pkgver:\"2.1.30-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libldap2\", pkgver:\"2.1.30-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libldap2-dev\", pkgver:\"2.1.30-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libnss-ldap\", pkgver:\"211-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libpam-ldap\", pkgver:\"164-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libslapd2-dev\", pkgver:\"2.1.30-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"slapd\", pkgver:\"2.1.30-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ldap-utils\", pkgver:\"2.1.30-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libldap2\", pkgver:\"2.1.30-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libldap2-dev\", pkgver:\"2.1.30-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libnss-ldap\", pkgver:\"220-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libpam-ldap\", pkgver:\"169-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libslapd2-dev\", pkgver:\"2.1.30-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"slapd\", pkgver:\"2.1.30-3ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ldap-utils / libldap2 / libldap2-dev / libnss-ldap / libpam-ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:51:58", "description": "The remote host is affected by the vulnerability described in GLSA-200507-13\n(pam_ldap and nss_ldap: Plain text authentication leak)\n\n Rob Holland of the Gentoo Security Audit Team discovered that\n pam_ldap and nss_ldap fail to use TLS for referred connections if they\n are referred to a master after connecting to a slave, regardless of the\n 'ssl start_tls' ldap.conf setting.\n \nImpact :\n\n An attacker could sniff passwords or other sensitive information\n as the communication is not encrypted.\n \nWorkaround :\n\n pam_ldap and nss_ldap can be set to force the use of SSL instead\n of TLS.", "edition": 25, "published": "2005-07-14T00:00:00", "title": "GLSA-200507-13 : pam_ldap and nss_ldap: Plain text authentication leak", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2069"], "modified": "2005-07-14T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:pam_ldap", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:nss_ldap"], "id": "GENTOO_GLSA-200507-13.NASL", "href": "https://www.tenable.com/plugins/nessus/19200", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200507-13.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19200);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2069\");\n script_bugtraq_id(14126);\n script_xref(name:\"GLSA\", value:\"200507-13\");\n\n script_name(english:\"GLSA-200507-13 : pam_ldap and nss_ldap: Plain text authentication leak\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200507-13\n(pam_ldap and nss_ldap: Plain text authentication leak)\n\n Rob Holland of the Gentoo Security Audit Team discovered that\n pam_ldap and nss_ldap fail to use TLS for referred connections if they\n are referred to a master after connecting to a slave, regardless of the\n 'ssl start_tls' ldap.conf setting.\n \nImpact :\n\n An attacker could sniff passwords or other sensitive information\n as the communication is not encrypted.\n \nWorkaround :\n\n pam_ldap and nss_ldap can be set to force the use of SSL instead\n of TLS.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200507-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All pam_ldap users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-auth/pam_ldap-178-r1'\n All nss_ldap users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose sys-auth/nss_ldap\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nss_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pam_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-auth/pam_ldap\", unaffected:make_list(\"ge 178-r1\"), vulnerable:make_list(\"lt 178-r1\"))) flag++;\nif (qpkg_check(package:\"sys-auth/nss_ldap\", unaffected:make_list(\"ge 239-r1\", \"rge 226-r1\"), vulnerable:make_list(\"lt 239-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam_ldap and nss_ldap\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T04:55:43", "description": "Updated openldap and nss_ldap packages that correct a potential\npassword disclosure issue and possible authentication vulnerability\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nThe nss_ldap module is an extension for use with GNU libc which allows\napplications to, without internal modification, consult a directory\nservice using LDAP to supplement information that would be read from\nlocal files such as /etc/passwd, /etc/group, and /etc/shadow.\n\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\nservers. If a client connection is referred to a different server, it\nis possible that the referred connection will not be encrypted even if\nthe client has 'ssl start_tls' in its ldap.conf file. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-2069 to this issue.\n\nA bug was found in the way the pam_ldap module processed certain\nfailure messages. If the server includes supplemental data in an\nauthentication failure result message, but the data does not include\nany specific error code, the pam_ldap module would proceed as if the\nauthentication request had succeeded, and authentication would\nsucceed. The Common Vulnerabilities and Exposures project has assigned\nthe name CVE-2005-2641 to this issue.\n\nAdditionally the following issues are corrected in this erratum.\n\n - The OpenLDAP upgrading documentation has been updated.\n\n - Fix a database deadlock locking issue.\n\n - A fix where slaptest segfaults on exit after successful\n check.\n\n - The library libslapd_db-4.2.so is now located in an\n architecture-dependent directory.\n\n - The LDAP client no longer enters an infinite loop when\n the server returns a reference to itself.\n\n - The pam_ldap module adds the ability to check user\n passwords using a directory server to PAM-aware\n applications.\n\n - The directory server can now include supplemental\n information regarding the state of the user's account if\n a client indicates that it supports such a feature.\n\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these\nupdated packages, which contain backported fixes that resolve these\nissues.", "edition": 27, "published": "2005-10-19T00:00:00", "title": "RHEL 4 : openldap and nss_ldap (RHSA-2005:767)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2069", "CVE-2005-2641"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql", "p-cpe:/a:redhat:enterprise_linux:openldap-servers", "p-cpe:/a:redhat:enterprise_linux:openldap", "p-cpe:/a:redhat:enterprise_linux:nss_ldap", "p-cpe:/a:redhat:enterprise_linux:openldap-devel", "p-cpe:/a:redhat:enterprise_linux:openldap-clients", "p-cpe:/a:redhat:enterprise_linux:compat-openldap"], "id": "REDHAT-RHSA-2005-767.NASL", "href": "https://www.tenable.com/plugins/nessus/20046", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:767. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20046);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2005-2069\", \"CVE-2005-2641\");\n script_bugtraq_id(14125, 14126);\n script_xref(name:\"RHSA\", value:\"2005:767\");\n\n script_name(english:\"RHEL 4 : openldap and nss_ldap (RHSA-2005:767)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap and nss_ldap packages that correct a potential\npassword disclosure issue and possible authentication vulnerability\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nThe nss_ldap module is an extension for use with GNU libc which allows\napplications to, without internal modification, consult a directory\nservice using LDAP to supplement information that would be read from\nlocal files such as /etc/passwd, /etc/group, and /etc/shadow.\n\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\nservers. If a client connection is referred to a different server, it\nis possible that the referred connection will not be encrypted even if\nthe client has 'ssl start_tls' in its ldap.conf file. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-2069 to this issue.\n\nA bug was found in the way the pam_ldap module processed certain\nfailure messages. If the server includes supplemental data in an\nauthentication failure result message, but the data does not include\nany specific error code, the pam_ldap module would proceed as if the\nauthentication request had succeeded, and authentication would\nsucceed. The Common Vulnerabilities and Exposures project has assigned\nthe name CVE-2005-2641 to this issue.\n\nAdditionally the following issues are corrected in this erratum.\n\n - The OpenLDAP upgrading documentation has been updated.\n\n - Fix a database deadlock locking issue.\n\n - A fix where slaptest segfaults on exit after successful\n check.\n\n - The library libslapd_db-4.2.so is now located in an\n architecture-dependent directory.\n\n - The LDAP client no longer enters an infinite loop when\n the server returns a reference to itself.\n\n - The pam_ldap module adds the ability to check user\n passwords using a directory server to PAM-aware\n applications.\n\n - The directory server can now include supplemental\n information regarding the state of the user's account if\n a client indicates that it supports such a feature.\n\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these\nupdated packages, which contain backported fixes that resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:767\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:767\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"compat-openldap-2.1.30-4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"nss_ldap-226-10\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-2.2.13-4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-clients-2.2.13-4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-devel-2.2.13-4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-servers-2.2.13-4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openldap-servers-sql-2.2.13-4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / nss_ldap / openldap / openldap-clients / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:24:52", "description": "Updated openldap and nss_ldap packages that correct a potential\npassword disclosure issue and possible authentication vulnerability\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nThe nss_ldap module is an extension for use with GNU libc which allows\napplications to, without internal modification, consult a directory\nservice using LDAP to supplement information that would be read from\nlocal files such as /etc/passwd, /etc/group, and /etc/shadow.\n\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\nservers. If a client connection is referred to a different server, it\nis possible that the referred connection will not be encrypted even if\nthe client has 'ssl start_tls' in its ldap.conf file. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-2069 to this issue.\n\nA bug was found in the way the pam_ldap module processed certain\nfailure messages. If the server includes supplemental data in an\nauthentication failure result message, but the data does not include\nany specific error code, the pam_ldap module would proceed as if the\nauthentication request had succeeded, and authentication would\nsucceed. The Common Vulnerabilities and Exposures project has assigned\nthe name CVE-2005-2641 to this issue.\n\nAdditionally the following issues are corrected in this erratum.\n\n - The OpenLDAP upgrading documentation has been updated.\n\n - Fix a database deadlock locking issue.\n\n - A fix where slaptest segfaults on exit after successful\n check.\n\n - The library libslapd_db-4.2.so is now located in an\n architecture-dependent directory.\n\n - The LDAP client no longer enters an infinite loop when\n the server returns a reference to itself.\n\n - The pam_ldap module adds the ability to check user\n passwords using a directory server to PAM-aware\n applications.\n\n - The directory server can now include supplemental\n information regarding the state of the user's account if\n a client indicates that it supports such a feature.\n\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these\nupdated packages, which contain backported fixes that resolve these\nissues.", "edition": 27, "published": "2006-07-05T00:00:00", "title": "CentOS 4 : openldap / nss_ldap (CESA-2005:767)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2069", "CVE-2005-2641"], "modified": "2006-07-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:nss_ldap", "p-cpe:/a:centos:centos:compat-openldap", "p-cpe:/a:centos:centos:openldap", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:openldap-servers-sql", "p-cpe:/a:centos:centos:openldap-servers", "p-cpe:/a:centos:centos:openldap-devel", "p-cpe:/a:centos:centos:openldap-clients"], "id": "CENTOS_RHSA-2005-767.NASL", "href": "https://www.tenable.com/plugins/nessus/21961", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:767 and \n# CentOS Errata and Security Advisory 2005:767 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21961);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2069\", \"CVE-2005-2641\");\n script_bugtraq_id(14125, 14126);\n script_xref(name:\"RHSA\", value:\"2005:767\");\n\n script_name(english:\"CentOS 4 : openldap / nss_ldap (CESA-2005:767)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap and nss_ldap packages that correct a potential\npassword disclosure issue and possible authentication vulnerability\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nThe nss_ldap module is an extension for use with GNU libc which allows\napplications to, without internal modification, consult a directory\nservice using LDAP to supplement information that would be read from\nlocal files such as /etc/passwd, /etc/group, and /etc/shadow.\n\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\nservers. If a client connection is referred to a different server, it\nis possible that the referred connection will not be encrypted even if\nthe client has 'ssl start_tls' in its ldap.conf file. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-2069 to this issue.\n\nA bug was found in the way the pam_ldap module processed certain\nfailure messages. If the server includes supplemental data in an\nauthentication failure result message, but the data does not include\nany specific error code, the pam_ldap module would proceed as if the\nauthentication request had succeeded, and authentication would\nsucceed. The Common Vulnerabilities and Exposures project has assigned\nthe name CVE-2005-2641 to this issue.\n\nAdditionally the following issues are corrected in this erratum.\n\n - The OpenLDAP upgrading documentation has been updated.\n\n - Fix a database deadlock locking issue.\n\n - A fix where slaptest segfaults on exit after successful\n check.\n\n - The library libslapd_db-4.2.so is now located in an\n architecture-dependent directory.\n\n - The LDAP client no longer enters an infinite loop when\n the server returns a reference to itself.\n\n - The pam_ldap module adds the ability to check user\n passwords using a directory server to PAM-aware\n applications.\n\n - The directory server can now include supplemental\n information regarding the state of the user's account if\n a client indicates that it supports such a feature.\n\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these\nupdated packages, which contain backported fixes that resolve these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012295.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?335bd444\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012318.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fddc597\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012319.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed71b670\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss_ldap and / or openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:compat-openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"compat-openldap-2.1.30-4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"nss_ldap-226-10\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openldap-2.2.13-4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openldap-clients-2.2.13-4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openldap-devel-2.2.13-4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openldap-servers-2.2.13-4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openldap-servers-sql-2.2.13-4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openldap / nss_ldap / openldap / openldap-clients / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:03:28", "description": "It has been discovered that libpam-ldap, the Pluggable Authentication\nModule allowing LDAP interfaces, ignores the result of an attempt to\nauthenticate against an LDAP server that does not set an optional data\nfield.", "edition": 25, "published": "2005-08-30T00:00:00", "title": "Debian DSA-785-1 : libpam-ldap - authentication bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2069", "CVE-2005-2641"], "modified": "2005-08-30T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:libpam-ldap"], "id": "DEBIAN_DSA-785.NASL", "href": "https://www.tenable.com/plugins/nessus/19528", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-785. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19528);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2069\", \"CVE-2005-2641\");\n script_xref(name:\"CERT\", value:\"778916\");\n script_xref(name:\"DSA\", value:\"785\");\n\n script_name(english:\"Debian DSA-785-1 : libpam-ldap - authentication bypass\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It has been discovered that libpam-ldap, the Pluggable Authentication\nModule allowing LDAP interfaces, ignores the result of an attempt to\nauthenticate against an LDAP server that does not set an optional data\nfield.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-785\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libpam-ldap package.\n\nThe old stable distribution (woody) is not affected by this problem.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 178-1sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpam-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libpam-ldap\", reference:\"178-1sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:55:43", "description": "Updated openldap and nss_ldap packages that correct a potential\npassword disclosure issue are now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nThe nss_ldap module is an extension for use with GNU libc which allows\napplications to, without internal modification, consult a directory\nservice using LDAP to supplement information that would be read from\nlocal files such as /etc/passwd, /etc/group, and /etc/shadow.\n\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\nservers. If a client connection is referred to a different server, it\nis possible that the referred connection will not be encrypted even if\nthe client has 'ssl start_tls' in its ldap.conf file. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-2069 to this issue.\n\nA bug was also found in the way certain OpenLDAP authentication\nschemes store hashed passwords. A remote attacker could re-use a\nhashed password to gain access to unauthorized resources. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2004-0823 to this issue.\n\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these\nupdated packages, which contain backported fixes that resolve these\nissues.", "edition": 27, "published": "2005-10-19T00:00:00", "title": "RHEL 2.1 / 3 : openldap and nss_ldap (RHSA-2005:751)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0823", "CVE-2005-2069"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:openldap-servers", "p-cpe:/a:redhat:enterprise_linux:openldap", "p-cpe:/a:redhat:enterprise_linux:nss_ldap", "p-cpe:/a:redhat:enterprise_linux:openldap-devel", "p-cpe:/a:redhat:enterprise_linux:openldap-clients"], "id": "REDHAT-RHSA-2005-751.NASL", "href": "https://www.tenable.com/plugins/nessus/20044", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:751. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20044);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2004-0823\", \"CVE-2005-2069\");\n script_xref(name:\"RHSA\", value:\"2005:751\");\n\n script_name(english:\"RHEL 2.1 / 3 : openldap and nss_ldap (RHSA-2005:751)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap and nss_ldap packages that correct a potential\npassword disclosure issue are now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nThe nss_ldap module is an extension for use with GNU libc which allows\napplications to, without internal modification, consult a directory\nservice using LDAP to supplement information that would be read from\nlocal files such as /etc/passwd, /etc/group, and /etc/shadow.\n\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\nservers. If a client connection is referred to a different server, it\nis possible that the referred connection will not be encrypted even if\nthe client has 'ssl start_tls' in its ldap.conf file. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-2069 to this issue.\n\nA bug was also found in the way certain OpenLDAP authentication\nschemes store hashed passwords. A remote attacker could re-use a\nhashed password to gain access to unauthorized resources. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2004-0823 to this issue.\n\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these\nupdated packages, which contain backported fixes that resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2069\"\n );\n # http://marc.theaimsgroup.com/?l=pamldap&m=112432721728160&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=pamldap&m=112432721728160&w=2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:751\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:751\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"nss_ldap-189-13\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openldap-2.0.27-4.9\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openldap-clients-2.0.27-4.9\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openldap-devel-2.0.27-4.9\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openldap-servers-2.0.27-4.9\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"nss_ldap-207-17\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openldap-2.0.27-20\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openldap-clients-2.0.27-20\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openldap-devel-2.0.27-20\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openldap-servers-2.0.27-20\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss_ldap / openldap / openldap-clients / openldap-devel / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:24:52", "description": "Updated openldap and nss_ldap packages that correct a potential\npassword disclosure issue are now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nThe nss_ldap module is an extension for use with GNU libc which allows\napplications to, without internal modification, consult a directory\nservice using LDAP to supplement information that would be read from\nlocal files such as /etc/passwd, /etc/group, and /etc/shadow.\n\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\nservers. If a client connection is referred to a different server, it\nis possible that the referred connection will not be encrypted even if\nthe client has 'ssl start_tls' in its ldap.conf file. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-2069 to this issue.\n\nA bug was also found in the way certain OpenLDAP authentication\nschemes store hashed passwords. A remote attacker could re-use a\nhashed password to gain access to unauthorized resources. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2004-0823 to this issue.\n\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these\nupdated packages, which contain backported fixes that resolve these\nissues.", "edition": 26, "published": "2006-07-03T00:00:00", "title": "CentOS 3 : openldap / nss_ldap (CESA-2005:751)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0823", "CVE-2005-2069"], "modified": "2006-07-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:nss_ldap", "p-cpe:/a:centos:centos:openldap", "p-cpe:/a:centos:centos:openldap-servers", "p-cpe:/a:centos:centos:openldap-devel", "p-cpe:/a:centos:centos:openldap-clients", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2005-751.NASL", "href": "https://www.tenable.com/plugins/nessus/21852", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:751 and \n# CentOS Errata and Security Advisory 2005:751 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21852);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-0823\", \"CVE-2005-2069\");\n script_xref(name:\"RHSA\", value:\"2005:751\");\n\n script_name(english:\"CentOS 3 : openldap / nss_ldap (CESA-2005:751)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openldap and nss_ldap packages that correct a potential\npassword disclosure issue are now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nThe nss_ldap module is an extension for use with GNU libc which allows\napplications to, without internal modification, consult a directory\nservice using LDAP to supplement information that would be read from\nlocal files such as /etc/passwd, /etc/group, and /etc/shadow.\n\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\nservers. If a client connection is referred to a different server, it\nis possible that the referred connection will not be encrypted even if\nthe client has 'ssl start_tls' in its ldap.conf file. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2005-2069 to this issue.\n\nA bug was also found in the way certain OpenLDAP authentication\nschemes store hashed passwords. A remote attacker could re-use a\nhashed password to gain access to unauthorized resources. The Common\nVulnerabilities and Exposures project has assigned the name\nCVE-2004-0823 to this issue.\n\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these\nupdated packages, which contain backported fixes that resolve these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012290.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e132cf06\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012291.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63b3ce1a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012294.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?411ceb95\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss_ldap and / or openldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openldap-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"nss_ldap-207-17\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openldap-2.0.27-20\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openldap-clients-2.0.27-20\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openldap-devel-2.0.27-20\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openldap-servers-2.0.27-20\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss_ldap / openldap / openldap-clients / openldap-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:28", "description": "Rob Holland, of the Gentoo Security Audit Team, discovered that\npam_ldap and nss_ldap would not use TLS for referred connections if\nthey are referred to a master after connecting to a slave, regardless\nof the 'ssl start_tls' setting in ldap.conf.\n\nAs well, a bug in nss_ldap in Corporate Server and Mandrake 10.0 has\nbeen fixed that caused crond, and other applications, to crash as a\nresult of clients receiving a SIGPIPE signal when attempting to issue\na new search request to a directory server that is no longer\navailable.\n\nThe updated packages have been patched to address this issue.", "edition": 26, "published": "2005-07-19T00:00:00", "title": "Mandrake Linux Security Advisory : nss_ldap (MDKSA-2005:121)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2377", "CVE-2005-2069"], "modified": "2005-07-19T00:00:00", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:nss_ldap", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:pam_ldap"], "id": "MANDRAKE_MDKSA-2005-121.NASL", "href": "https://www.tenable.com/plugins/nessus/19226", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:121. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19226);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2069\", \"CVE-2005-2377\");\n script_bugtraq_id(14125, 14126);\n script_xref(name:\"MDKSA\", value:\"2005:121\");\n\n script_name(english:\"Mandrake Linux Security Advisory : nss_ldap (MDKSA-2005:121)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rob Holland, of the Gentoo Security Audit Team, discovered that\npam_ldap and nss_ldap would not use TLS for referred connections if\nthey are referred to a master after connecting to a slave, regardless\nof the 'ssl start_tls' setting in ldap.conf.\n\nAs well, a bug in nss_ldap in Corporate Server and Mandrake 10.0 has\nbeen fixed that caused crond, and other applications, to crash as a\nresult of clients receiving a SIGPIPE signal when attempting to issue\na new search request to a directory server that is no longer\navailable.\n\nThe updated packages have been patched to address this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss_ldap and / or pam_ldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pam_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"nss_ldap-212-4.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"pam_ldap-167-4.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"nss_ldap-220-3.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"pam_ldap-170-3.1.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"nss_ldap-220-5.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"pam_ldap-170-5.2.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-09T19:43:46", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2069"], "description": "Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and \nlibnss-ldap. When a client connected to a slave LDAP server using SSL, \nthe slave server did not use SSL as well when contacting the LDAP \nmaster server. This caused passwords and other confident information \nto be transmitted unencrypted between the slave and the master.", "edition": 5, "modified": "2005-07-21T00:00:00", "published": "2005-07-21T00:00:00", "id": "USN-152-1", "href": "https://ubuntu.com/security/notices/USN-152-1", "title": "PAM/NSS LDAP vulnerabilitiy", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:47:15", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0823", "CVE-2005-2069"], "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\r\nProtocol) applications and development tools.\r\n\r\nThe nss_ldap module is an extension for use with GNU libc which allows\r\napplications to, without internal modification, consult a directory service\r\nusing LDAP to supplement information that would be read from local files\r\nsuch as /etc/passwd, /etc/group, and /etc/shadow.\r\n\r\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\r\nservers. If a client connection is referred to a different server, it is\r\npossible that the referred connection will not be encrypted even if the\r\nclient has \"ssl start_tls\" in its ldap.conf file. The Common\r\nVulnerabilities and Exposures project has assigned the name CAN-2005-2069\r\nto this issue.\r\n\r\nA bug was also found in the way certain OpenLDAP authentication schemes\r\nstore hashed passwords. A remote attacker could re-use a hashed password to\r\ngain access to unauthorized resources. The Common Vulnerabilities and\r\nExposures project has assigned the name CAN-2004-0823 to this issue.\r\n\r\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these updated\r\npackages, which contain backported fixes that resolve these issues.", "modified": "2019-03-22T23:43:40", "published": "2005-10-17T04:00:00", "id": "RHSA-2005:751", "href": "https://access.redhat.com/errata/RHSA-2005:751", "type": "redhat", "title": "(RHSA-2005:751) openldap and nss_ldap security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:25", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2069", "CVE-2005-2641"], "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\r\nProtocol) applications and development tools.\r\n\r\nThe nss_ldap module is an extension for use with GNU libc which allows\r\napplications to, without internal modification, consult a directory service\r\nusing LDAP to supplement information that would be read from local files\r\nsuch as /etc/passwd, /etc/group, and /etc/shadow.\r\n\r\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\r\nservers. If a client connection is referred to a different server, it is\r\npossible that the referred connection will not be encrypted even if the\r\nclient has \"ssl start_tls\" in its ldap.conf file. The Common\r\nVulnerabilities and Exposures project has assigned the name CAN-2005-2069\r\nto this issue.\r\n\r\nA bug was found in the way the pam_ldap module processed certain failure\r\nmessages. If the server includes supplemental data in an authentication\r\nfailure result message, but the data does not include any specific error\r\ncode, the pam_ldap module would proceed as if the authentication request\r\nhad succeeded, and authentication would succeed. The Common Vulnerabilities\r\nand Exposures project has assigned the name CAN-2005-2641 to this issue. \r\n\r\nAdditionally the following issues are corrected in this erratum.\r\n\r\n- The OpenLDAP upgrading documentation has been updated.\r\n\r\n- Fix a database deadlock locking issue.\r\n\r\n- A fix where slaptest segfaults on exit after successful check.\r\n\r\n- The library libslapd_db-4.2.so is now located in an\r\n architecture-dependent directory.\r\n\r\n- The LDAP client no longer enters an infinite loop when the server returns\r\n a reference to itself.\r\n\r\n- The pam_ldap module adds the ability to check user passwords using a\r\n directory server to PAM-aware applications.\r\n\r\n- The directory server can now include supplemental information regarding\r\n the state of the user's account if a client indicates that it supports\r\n such a feature.\r\n\r\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these updated\r\npackages, which contain backported fixes that resolve these issues.", "modified": "2017-09-08T11:55:59", "published": "2005-10-17T04:00:00", "id": "RHSA-2005:767", "href": "https://access.redhat.com/errata/RHSA-2005:767", "type": "redhat", "title": "(RHSA-2005:767) openldap and nss_ldap security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:24:16", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0823", "CVE-2005-2069"], "description": "**CentOS Errata and Security Advisory** CESA-2005:751-01\n\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\r\nProtocol) applications and development tools.\r\n\r\nThe nss_ldap module is an extension for use with GNU libc which allows\r\napplications to, without internal modification, consult a directory service\r\nusing LDAP to supplement information that would be read from local files\r\nsuch as /etc/passwd, /etc/group, and /etc/shadow.\r\n\r\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\r\nservers. If a client connection is referred to a different server, it is\r\npossible that the referred connection will not be encrypted even if the\r\nclient has \"ssl start_tls\" in its ldap.conf file. The Common\r\nVulnerabilities and Exposures project has assigned the name CAN-2005-2069\r\nto this issue.\r\n\r\nA bug was also found in the way certain OpenLDAP authentication schemes\r\nstore hashed passwords. A remote attacker could re-use a hashed password to\r\ngain access to unauthorized resources. The Common Vulnerabilities and\r\nExposures project has assigned the name CAN-2004-0823 to this issue.\r\n\r\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these updated\r\npackages, which contain backported fixes that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024341.html\n\n**Affected packages:**\nnss_ldap\nopenldap\nopenldap-clients\nopenldap-devel\nopenldap-servers\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2005-10-18T04:23:45", "published": "2005-10-18T04:23:45", "href": "http://lists.centos.org/pipermail/centos-announce/2005-October/024341.html", "id": "CESA-2005:751-01", "title": "nss_ldap, openldap security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:24:12", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0823", "CVE-2005-2069"], "description": "**CentOS Errata and Security Advisory** CESA-2005:751\n\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\r\nProtocol) applications and development tools.\r\n\r\nThe nss_ldap module is an extension for use with GNU libc which allows\r\napplications to, without internal modification, consult a directory service\r\nusing LDAP to supplement information that would be read from local files\r\nsuch as /etc/passwd, /etc/group, and /etc/shadow.\r\n\r\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\r\nservers. If a client connection is referred to a different server, it is\r\npossible that the referred connection will not be encrypted even if the\r\nclient has \"ssl start_tls\" in its ldap.conf file. The Common\r\nVulnerabilities and Exposures project has assigned the name CAN-2005-2069\r\nto this issue.\r\n\r\nA bug was also found in the way certain OpenLDAP authentication schemes\r\nstore hashed passwords. A remote attacker could re-use a hashed password to\r\ngain access to unauthorized resources. The Common Vulnerabilities and\r\nExposures project has assigned the name CAN-2004-0823 to this issue.\r\n\r\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these updated\r\npackages, which contain backported fixes that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024328.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024329.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024332.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024340.html\n\n**Affected packages:**\nnss_ldap\nopenldap\nopenldap-clients\nopenldap-devel\nopenldap-servers\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-751.html", "edition": 4, "modified": "2005-10-18T02:48:58", "published": "2005-10-17T10:35:43", "href": "http://lists.centos.org/pipermail/centos-announce/2005-October/024328.html", "id": "CESA-2005:751", "title": "nss_ldap, openldap security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-17T03:31:08", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2069", "CVE-2005-2641"], "description": "**CentOS Errata and Security Advisory** CESA-2005:767\n\n\nOpenLDAP is an open source suite of LDAP (Lightweight Directory Access\r\nProtocol) applications and development tools.\r\n\r\nThe nss_ldap module is an extension for use with GNU libc which allows\r\napplications to, without internal modification, consult a directory service\r\nusing LDAP to supplement information that would be read from local files\r\nsuch as /etc/passwd, /etc/group, and /etc/shadow.\r\n\r\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\r\nservers. If a client connection is referred to a different server, it is\r\npossible that the referred connection will not be encrypted even if the\r\nclient has \"ssl start_tls\" in its ldap.conf file. The Common\r\nVulnerabilities and Exposures project has assigned the name CAN-2005-2069\r\nto this issue.\r\n\r\nA bug was found in the way the pam_ldap module processed certain failure\r\nmessages. If the server includes supplemental data in an authentication\r\nfailure result message, but the data does not include any specific error\r\ncode, the pam_ldap module would proceed as if the authentication request\r\nhad succeeded, and authentication would succeed. The Common Vulnerabilities\r\nand Exposures project has assigned the name CAN-2005-2641 to this issue. \r\n\r\nAdditionally the following issues are corrected in this erratum.\r\n\r\n- The OpenLDAP upgrading documentation has been updated.\r\n\r\n- Fix a database deadlock locking issue.\r\n\r\n- A fix where slaptest segfaults on exit after successful check.\r\n\r\n- The library libslapd_db-4.2.so is now located in an\r\n architecture-dependent directory.\r\n\r\n- The LDAP client no longer enters an infinite loop when the server returns\r\n a reference to itself.\r\n\r\n- The pam_ldap module adds the ability to check user passwords using a\r\n directory server to PAM-aware applications.\r\n\r\n- The directory server can now include supplemental information regarding\r\n the state of the user's account if a client indicates that it supports\r\n such a feature.\r\n\r\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these updated\r\npackages, which contain backported fixes that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024333.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024339.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024343.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024356.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024357.html\n\n**Affected packages:**\ncompat-openldap\nnss_ldap\nopenldap\nopenldap-clients\nopenldap-devel\nopenldap-servers\nopenldap-servers-sql\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-767.html", "edition": 6, "modified": "2005-10-18T18:22:49", "published": "2005-10-17T14:29:06", "href": "http://lists.centos.org/pipermail/centos-announce/2005-October/024333.html", "id": "CESA-2005:767", "title": "compat, nss_ldap, openldap security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
