1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200507-13 / pam_ldap nss_ldap |
| Release Date | July 14, 2005 |
| Latest Revision | July 14, 2005: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| sys-auth/nss_ldap | < 239-r1 | >= 239-r1, revision >= 226-r1 | All supported architectures |
| sys-auth/pam_ldap | < 178-r1 | >= 178-r1 | All supported architectures |
Related bugreports: #96767
pam_ldap and nss_ldap fail to restart TLS when following a referral, possibly leading to credentials being sent in plain text.
pam_ldap is a Pluggable Authentication Module which allows authentication against an LDAP directory. nss_ldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. TLS is Transport Layer Security, a protocol that allows encryption of network communications.
Rob Holland of the Gentoo Security Audit Team discovered that pam_ldap and nss_ldap fail to use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the "ssl start_tls" ldap.conf setting.
An attacker could sniff passwords or other sensitive information as the communication is not encrypted.
pam_ldap and nss_ldap can be set to force the use of SSL instead of TLS.
All pam_ldap users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-178-r1" |
All nss_ldap users should upgrade to the latest version:
Code Listing 3.2: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose sys-auth/nss_ldap |