Lucene search

[email protected]CVE-2011-0438

HistoryMar 15, 2011 - 5:55 p.m.

CVE-2011-0438

2011-03-1517:55:03

CWE-287

[email protected]

web.nvd.nist.gov

cve-2011-0438

nss-pam-ldapd

pam module

ldap

authentication bypass

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication.

Affected configurations

NVD

Node

arthurdejongnss-pam-ldapdMatch0.8.0

CPENameOperatorVersion
arthurdejong:nss-pam-ldapdarthurdejong nss-pam-ldapdeq0.8.0

CPE	Name	Operator	Version
arthurdejong:nss-pam-ldapd	arthurdejong nss-pam-ldapd	eq	0.8.0

References

arthurdejong.org/nss-pam-ldapd/news.html#20110309

lists.arthurdejong.org/nss-pam-ldapd-announce/2011/attachments/txtVf3rHgt8qQ.txt

lists.arthurdejong.org/nss-pam-ldapd-announce/2011/msg00000.html

securityreason.com/securityalert/8132

www.securityfocus.com/bid/46819

exchange.xforce.ibmcloud.com/vulnerabilities/66028

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2011-0438

debiancve1 ubuntucve1 prion1 nvd1 cvelist1