Test ID:	1.3.6.1.4.1.25623.1.0.55583
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLSA-2005:1027 (nss_ldap/pam_ldap)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLSA-2005:1027. This announcement fixes an issue with pam_ldap and nss_ldap that could cause passwords to be sent in clear text over the network even when configured to use TLS. Aditionally, it also fixes a vulnerability[4] in pam_ldap where if the LDAP server omits the optional error value from the PasswordPolicyResponseValue, the authentication attempt will always succeed and thus allowing the remote attacker to gain system access. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001027 http://www.padl.com/OSS/nss_ldap.html http://www.padl.com/ Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2069 14125 http://www.securityfocus.com/bid/14125 14126 http://www.securityfocus.com/bid/14126 17233 http://secunia.com/advisories/17233 17692 http://www.osvdb.org/17692 17845 http://secunia.com/advisories/17845 20050704 pam_ldap/nss_ldap password leak in a master+slave+start_tls LDAP setup http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0060.html 21520 http://secunia.com/advisories/21520 GLSA-2005-07-13 http://www.gentoo.org/security/en/glsa/glsa-200507-13.xml MDKSA-2005:121 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:121 RHSA-2005:751 http://www.redhat.com/support/errata/RHSA-2005-751.html RHSA-2005:767 http://www.redhat.com/support/errata/RHSA-2005-767.html USN-152-1 http://www.ubuntu.com/usn/usn-152-1 http://bugs.gentoo.org/show_bug.cgi?id=96767 http://bugzilla.padl.com/show_bug.cgi?id=210 http://bugzilla.padl.com/show_bug.cgi?id=211 http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm http://www.openldap.org/its/index.cgi/Incoming?id=3791 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161990 ldap-tls-information-disclosure(21245) https://exchange.xforce.ibmcloud.com/vulnerabilities/21245 oval:org.mitre.oval:def:9445 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9445 Common Vulnerability Exposure (CVE) ID: CVE-2005-2641 BugTraq ID: 14649 http://www.securityfocus.com/bid/14649 Bugtraq: 20061005 rPSA-2006-0183-1 nss_ldap (Google Search) http://www.securityfocus.com/archive/1/447859/100/200/threaded CERT/CC vulnerability note: VU#778916 http://www.kb.cert.org/vuls/id/778916 http://www.mandriva.com/security/advisories?name=MDKSA-2005:190 https://www.redhat.com/archives/fedora-test-list/2005-August/msg00170.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10370 http://secunia.com/advisories/17270
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.