Lucene search
F5F5:K5716HistoryMar 28, 2013 - 12:00 a.m.
K5716 : Authentication bypass in PAM LDAP module - CAN-2005-2641
2013-03-2800:00:00
my.f5.com
23
Security Advisory Description
Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.
F5 products and versions that have been evaluated for this Security Advisory
| Product | Affected | Not Affected |
|---|---|---|
| BIG-IP LTM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP GTM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP ASM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP Link Controller | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP WebAccelerator | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP PSM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP WAN Optimization | None | 10.x |
| 11.x | ||
| BIG-IP APM | None | 10.x |
| 11.x | ||
| BIG-IP Edge Gateway | None | 10.x |
| 11.x | ||
| BIG-IP Analytics | None | 11.x |
| BIG-IP AFM | None | 11.x |
| BIG-IP PEM | None | 11.x |
| FirePass | None | 5.x |
| 6.x | ||
| 7.x | ||
| Enterprise Manager | None | 1.x |
| 2.x | ||
| 3.x | ||
| ARX | None | 2.x |
| 3.x | ||
| 4.x | ||
| 5.x | ||
| 6.x |
Vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges.
Information about this advisory is available at the following locations:
- US-CERT Vulnerability Note VU#778916 pam_ldap authentication bypass vulnerability:
<http://www.kb.cert.org/vuls/id/778916> - CAN-2005-2641- pam_ldap does not properly handle a new password policy control:
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2641> - JP Vendor Status Notes JVNVU#778916:
<http://jvn.jp/cert/JVNVU%23778916/>
Related
cert
cert
pam_ldap authentication bypass vulnerability
2005-08-24 00:00:00
freebsd
freebsd
pam_ldap -- authentication bypass vulnerability
2005-08-22 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200508-22 (pam_ldap)
2008-09-24 00:00:00
FreeBSD Ports: pam_ldap
2008-09-04 00:00:00
Debian Security Advisory DSA 785-1 (libpam-ldap)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 785-1] New libpam-ldap packages fix authentication bypass
2005-08-25 16:54:57
[SECURITY] [DSA 785-1] New libpam-ldap packages fix authentication bypass
2005-08-25 16:54:57
nessus
nessus
Mandrake Linux Security Advisory : nss_ldap (MDKSA-2005:190)
2005-11-02 00:00:00
F5 Networks BIG-IP : pam_ldap vulnerability (SOL6634)
2014-10-10 00:00:00
GLSA-200508-22 : pam_ldap: Authentication bypass vulnerability
2005-09-06 00:00:00
f5
f5
pam_ldap password policy control vulnerability CAN-2005-2641
2006-06-21 04:00:00
SOL6634 - pam_ldap vulnerability - CVE-2005-2641
2006-10-19 00:00:00
K6634 : pam_ldap vulnerability - CVE-2005-2641
2013-03-19 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 785-1] New libpam-ldap packages fix authentication bypass
2005-08-26 00:00:00
gentoo
gentoo
pam_ldap: Authentication bypass vulnerability
2005-08-31 00:00:00
debiancve
debiancve
CVE-2005-2641
2005-08-23 04:00:00
ubuntucve
ubuntucve
CVE-2005-2641
2005-08-23 00:00:00
centos
centos
compat, nss_ldap, openldap security update
2005-10-17 14:29:06
osv
osv
libpam-ldap - authentication bypass
2005-08-25 00:00:00
nvd
nvd
CVE-2005-2641
2005-08-23 04:00:00
CVE-2005-2497
2005-10-07 18:02:00
cve
cve
CVE-2005-2641
2005-08-23 04:00:00
CVE-2005-2497
2005-10-07 18:02:00
redhat
redhat
(RHSA-2005:767) openldap and nss_ldap security update
2005-10-17 00:00:00
cvelist
cvelist
CVE-2005-2641
2005-08-21 04:00:00