ID CVE-2005-2654 Type cve Reporter NVD Modified 2008-09-05T16:52:20
Description
phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2654", "history": [], "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423", "http://www.debian.org/security/2005/dsa-790", "http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml"], "lastseen": "2016-09-03T05:43:49", "bulletinFamily": "NVD", "title": "CVE-2005-2654", "cpe": ["cpe:/a:phpldapadmin:phpldapadmin:0.9.6c.4"], "viewCount": 2, "id": "CVE-2005-2654", "hash": "fbbf63a3dca43a606e2a0f079cb3c52c7c76597225e896f72d35abf1d186bfc8", "description": "phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2005-2654"], "scanner": [], "modified": "2008-09-05T16:52:20", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2005-08-30T13:03:00", "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2016-09-03T05:43:49"}, "vulnersScore": 7.5}}
{"f5": [{"lastseen": "2017-06-08T00:16:30", "references": [], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "reporter": "f5", "published": "2016-08-10T20:24:00", "title": "phpLDAPAdmin vulnerabilities CVE-2005-2654, CVE-2005-2792, CVE-2005-2793, CVE-2006-2016, and CVE-2009-4427", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2009-4427", "CVE-2005-2793", "CVE-2005-2792", "CVE-2005-2654", "CVE-2006-2016"], "modified": "2016-08-10T20:24:00", "id": "F5:K55248799", "href": "https://support.f5.com/csp/article/K55248799", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:55", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "edition": 1, "reporter": "f5", "published": "2016-08-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "f5", "title": "SOL55248799 - phpLDAPAdmin vulnerabilities CVE-2005-2654, CVE-2005-2792, CVE-2005-2793, CVE-2006-2016, and CVE-2009-4427", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-4427", "CVE-2005-2793", "CVE-2005-2792", "CVE-2005-2654", "CVE-2006-2016"], "modified": "2016-08-10T00:00:00", "id": "SOL55248799", "href": "http://support.f5.com/kb/en-us/solutions/public/k/55/sol55248799.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:58", "references": [], "pluginID": "55227", "description": "The remote host is missing updates announced in\nadvisory GLSA 200509-04.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Gentoo Security Advisory GLSA 200509-04 (phpLDAPadmin)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2654"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55227", "id": "OPENVAS:55227", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw in phpLDAPadmin may allow attackers to bypass security restrictions\nand connect anonymously.\";\ntag_solution = \"All phpLDAPadmin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-nds/phpldapadmin-0.9.7_alpha6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200509-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=104293\nhttp://secunia.com/advisories/16611/\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200509-04.\";\n\n \n\nif(description)\n{\n script_id(55227);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-2654\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200509-04 (phpLDAPadmin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-nds/phpldapadmin\", unaffected: make_list(\"ge 0.9.7_alpha6\"), vulnerable: make_list(\"lt 0.9.7_alpha6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:51", "references": [], "pluginID": "55192", "description": "The remote host is missing an update to phpldapadmin\nannounced via advisory DSA 790-1.\n\nAlexander Gerasiov discovered that phpldapadmin, a web based interface\nfor administering LDAP servers, allows anybody to access the LDAP\nserver anonymously, even if this is disabled in the configuration with\nthe disable_anon_bind statement.\n\nThe old stable distribution (woody) is not vulnerable to this problem.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 790-1 (phpldapadmin)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2654"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55192", "id": "OPENVAS:55192", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_790_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 790-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.5-3sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.9.6c-5.\n\nWe recommend that you upgrade your phpldapadmin package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20790-1\";\ntag_summary = \"The remote host is missing an update to phpldapadmin\nannounced via advisory DSA 790-1.\n\nAlexander Gerasiov discovered that phpldapadmin, a web based interface\nfor administering LDAP servers, allows anybody to access the LDAP\nserver anonymously, even if this is disabled in the configuration with\nthe disable_anon_bind statement.\n\nThe old stable distribution (woody) is not vulnerable to this problem.\";\n\n\nif(description)\n{\n script_id(55192);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2654\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 790-1 (phpldapadmin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"phpldapadmin\", ver:\"0.9.5-3sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:58:52", "references": ["http://secunia.com/advisories/16611/", "https://security.gentoo.org/glsa/200509-04"], "pluginID": "19669", "description": "The remote host is affected by the vulnerability described in GLSA-200509-04 (phpLDAPadmin: Authentication bypass)\n\n Alexander Gerasiov discovered a flaw in login.php preventing the application from validating whether anonymous bind has been disabled in the target LDAP server configuration.\n Impact :\n\n Anonymous users can access the LDAP server, even if the 'disable_anon_bind' parameter was explicitly set to avoid this.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2005-09-12T00:00:00", "title": "GLSA-200509-04 : phpLDAPadmin: Authentication bypass", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2654"], "modified": "2018-07-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:phpldapadmin"], "id": "GENTOO_GLSA-200509-04.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19669", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200509-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19669);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2005-2654\");\n script_xref(name:\"GLSA\", value:\"200509-04\");\n\n script_name(english:\"GLSA-200509-04 : phpLDAPadmin: Authentication bypass\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200509-04\n(phpLDAPadmin: Authentication bypass)\n\n Alexander Gerasiov discovered a flaw in login.php preventing the\n application from validating whether anonymous bind has been disabled in\n the target LDAP server configuration.\n \nImpact :\n\n Anonymous users can access the LDAP server, even if the\n 'disable_anon_bind' parameter was explicitly set to avoid this.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://secunia.com/advisories/16611/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200509-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All phpLDAPadmin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-nds/phpldapadmin-0.9.7_alpha6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:phpldapadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-nds/phpldapadmin\", unaffected:make_list(\"ge 0.9.7_alpha6\"), vulnerable:make_list(\"lt 0.9.7_alpha6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpLDAPadmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:48", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423", "http://www.debian.org/security/2005/dsa-790"], "pluginID": "19560", "description": "Alexander Gerasiov discovered that phpldapadmin, a web-based interface for administering LDAP servers, allows anybody to access the LDAP server anonymously, even if this is disabled in the configuration with the 'disable_anon_bind' statement.\n\nThe old stable distribution (woody) is not vulnerable to this problem.", "edition": 6, "reporter": "Tenable", "published": "2005-09-06T00:00:00", "title": "Debian DSA-790-1 : phpldapadmin - programming error", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2654"], "modified": "2018-07-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:phpldapadmin"], "id": "DEBIAN_DSA-790.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19560", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-790. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19560);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/07/20 2:17:11\");\n\n script_cve_id(\"CVE-2005-2654\");\n script_xref(name:\"DSA\", value:\"790\");\n\n script_name(english:\"Debian DSA-790-1 : phpldapadmin - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alexander Gerasiov discovered that phpldapadmin, a web-based interface\nfor administering LDAP servers, allows anybody to access the LDAP\nserver anonymously, even if this is disabled in the configuration with\nthe 'disable_anon_bind' statement.\n\nThe old stable distribution (woody) is not vulnerable to this problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-790\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the phpldapadmin package.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.9.5-3sarge2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:phpldapadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"phpldapadmin\", reference:\"0.9.5-3sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:26", "references": ["http://www.nessus.org/u?4e9c6bc8", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423"], "pluginID": "19546", "description": "The remote host is running phpLDAPadmin, a PHP-based LDAP browser. \n\nThe version of phpLDAPadmin installed on the remote host may allow access to an LDAP server anonymously, even if anonymous binds have been disabled in the application's configuration.", "edition": 5, "reporter": "Tenable", "published": "2005-08-31T00:00:00", "title": "phpLDAPadmin Anonymous Bind Security Bypass Vulnerability", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2654"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/a:deon_george:phpldapadmin"], "id": "PHPLDAPADMIN_DISABLE_ANON_BIND_BYPASS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19546", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19546);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2005-2654\");\n script_bugtraq_id(14694);\n\n script_name(english:\"phpLDAPadmin Anonymous Bind Security Bypass Vulnerability\");\n script_summary(english:\"Checks for anonymous bind security bypass vulnerability in phpLDAPadmin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by an authentication bypass issue.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running phpLDAPadmin, a PHP-based LDAP browser. \n\nThe version of phpLDAPadmin installed on the remote host may allow\naccess to an LDAP server anonymously, even if anonymous binds have\nbeen disabled in the application's configuration.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e9c6bc8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpLDAPadmin 0.9.7-rc1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/31\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:deon_george:phpldapadmin\");\n script_end_attributes();\n \n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80);\nif (!can_host_php(port:port)) exit(0);\n\n\n# Loop through CGI directories.\nforeach dir (cgi_dirs()) {\n r = http_send_recv3(method:\"GET\",item:string(dir, \"/tree.php\"), port:port);\n if (isnull(r)) exit(0);\n res = r[2];\n\n # Get the software version if possible.\n pat = 'class=\"subtitle\".*>phpLDAPadmin - (.+)$';\n matches = egrep(string:res, pattern:pat);\n if (matches) {\n foreach match (split(matches)) {\n match = chomp(match);\n ver = eregmatch(pattern:pat, string:match);\n if (!isnull(ver)) {\n ver = ver[1];\n break;\n }\n }\n }\n\n # Iterate over each configured ldap server and try to exploit the flaw.\n server_list = res;\n while (server_list = strstr(server_list, '<tr class=\"server\">')) {\n server_list = strstr(server_list, '<a href=\"login_form.php?server_id=');\n\n server = server_list - '<a href=\"login_form.php?server_id=';\n server = server - strstr(server, '\"');\n\n # Look for an \"anonymous bind\" checkbox in the login form.\n r = http_send_recv3(method:\"GET\", item:string(dir, \"/login_form.php?server_id=\", server), port:port);\n if (isnull(r)) exit(0);\n res = r[2];\n\n # If ...\n if (\n # it looks like like phpLDAPadmin and ...\n '<form action=\"login.php\" method=\"post\" name=\"login_form\">' >< res &&\n '<input type=\"text\" name=\"login_dn\"' >< res &&\n # it doesn't have the \"anonymous bind\" checkbox.\n 'type=\"checkbox\" name=\"anonymous_bind\"' >!< res\n ) {\n # Try to exploit the flaw.\n postdata = string(\n \"server_id=\", server, \"&\",\n \"anonymous_bind=on\"\n );\n r = http_send_recv3(method: \"POST\", item: dir+\"/login.php\", port: port,\n \tcontent_type: \"application/x-www-form-urlencoded\",\n\tdata: postdata );\n if (isnull(r)) exit(0);\n res = r[2];\n\n # There's a problem if we could do an anonymous bind.\n if (\n \"Successfully logged into server\" >< res &&\n \"(Anonymous Bind)\" >< res\n ) {\n security_warning(port);\n exit(0);\n }\n }\n }\n\n # Check the version since the exploit won't works if the\n # LDAP servers don't actually allow anonymous binds.\n if (ver && ver =~ \"^0\\.9\\.([0-5]|6($|[ab]|c($|-[0-4])))\") {\n report = string(\n \"Note that Nessus has determined the vulnerability exists on the remote\\n\",\n \"host simply by looking at the version number of phpLDAPadmin installed\\n\",\n \"there.\\n\"\n );\n security_warning(port:port, extra: report);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:40", "references": ["http://secunia.com/advisories/16611/", "https://bugs.gentoo.org/show_bug.cgi?id=104293", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2654"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.9.7_alpha6", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-nds/phpldapadmin", "operator": "lt"}], "edition": 1, "description": "### Background\n\nphpLDAPadmin is a web-based LDAP client allowing to easily manage LDAP servers. \n\n### Description\n\nAlexander Gerasiov discovered a flaw in login.php preventing the application from validating whether anonymous bind has been disabled in the target LDAP server configuration. \n\n### Impact\n\nAnonymous users can access the LDAP server, even if the \"disable_anon_bind\" parameter was explicitly set to avoid this. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll phpLDAPadmin users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-nds/phpldapadmin-0.9.7_alpha6\"", "reporter": "Gentoo Foundation", "published": "2005-09-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "phpLDAPadmin: Authentication bypass", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2654"], "modified": "2005-09-06T00:00:00", "id": "GLSA-200509-04", "href": "https://security.gentoo.org/glsa/200509-04", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:15", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-790)\n[Secunia Advisory ID:16611](https://secuniaresearch.flexerasoftware.com/advisories/16611/)\n[Secunia Advisory ID:16636](https://secuniaresearch.flexerasoftware.com/advisories/16636/)\n[Secunia Advisory ID:16702](https://secuniaresearch.flexerasoftware.com/advisories/16702/)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml\n[CVE-2005-2654](https://vulners.com/cve/CVE-2005-2654)\n", "reporter": "OSVDB", "published": "2005-08-30T06:15:04", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "phpLDAPadmin Unspecified Anonymous Bind Policy Bypass", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-2654"], "modified": "2005-08-30T06:15:04", "href": "https://vulners.com/osvdb/OSVDB:19067", "id": "OSVDB:19067", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:42", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "3.1", "packageVersion": "0.9.5-3sarge2", "arch": "all", "packageFilename": "phpldapadmin_0.9.5-3sarge2_all.deb", "packageName": "phpldapadmin", "operator": "lt"}], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 790-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nAugust 30th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : phpldapadmin\nVulnerability : programming error\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-2654\nDebian Bug : 322423\n\nAlexander Gerasiov discovered that phpldapadmin, a web based interface\nfor administering LDAP servers, allows anybody to access the LDAP\nserver anonymously, even if this is disabled in the configuration with\nthe "disable_anon_bind" statement.\n\nThe old stable distribution (woody) is not vulnerable to this problem.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.9.5-3sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.9.6c-5.\n\nWe recommend that you upgrade your phpldapadmin package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2.dsc\n Size/MD5 checksum: 619 d6da0a97614965ba396e3ca4079ddabb\n http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2.diff.gz\n Size/MD5 checksum: 11564 543a7a99fb997976bbdaa51056e85d4f\n http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5.orig.tar.gz\n Size/MD5 checksum: 617707 fb0669d4c4b88573875555aef2630de8\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2_all.deb\n Size/MD5 checksum: 616852 2ea5bc2d2f2eb0736f75cc8b48618842\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 1, "reporter": "Debian", "published": "2005-08-30T00:00:00", "title": "[SECURITY] [DSA 790-1] New phpldapadmin packages fix unauthorised access", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:42", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-2654"], "modified": "2005-08-30T00:00:00", "id": "DEBIAN:DSA-790-1:02A04", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00178.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
