English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-87
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 29 Aug 2005
 Last revised: 29 Aug 2005

 Package: pam_ldap

 Summary: Password leak

 More information:
    This is pam_ldap, a pluggable authentication module that can be used with
    linux-PAM. This module supports password changes, V2 clients, Netscapes SSL,
    ypldapd, Netscape Directory Server password policies, access authorization, crypted hashes, etc.
    The pam_ldap and nss_ldap would not use TLS for referred connections
    if they are referred to a master after connecting to a slave.

 Impact:
    The pam_ldap and nss_ldap may cause a password to be sent in cleartext and
    allows remote attackers to sniff the password.

 Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., 
  Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal]
 # turbopkg
 or
 # zabom -u pam_ldap

 [other]
 # turbopkg
 or
 # zabom update pam_ldap
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   pam_ldap-148-3.src.rpm
       112233 abefe3aa030974e314fc2a5964aea280

   Binary Packages
   Size: MD5

   pam_ldap-148-3.i586.rpm
        70375 27c29cf18c9664a09155a7d1ad1c961b

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   pam_ldap-148-3.src.rpm
       112233 3c252cd236b65afa3d2c0a9a8cc669a2

   Binary Packages
   Size: MD5

   pam_ldap-148-3.i586.rpm
        70583 4615d1d3d8a3b6b84efd0947961d27a3

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/pam_ldap-164-2.src.rpm
       126714 4efdce26c7e639b49e0287da1ff3037c

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/pam_ldap-164-2.i586.rpm
        46618 bd81fd78bd2305e26a71efd1123feaed

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/pam_ldap-164-2.src.rpm
       126714 5409b321eceb3612e881b0eafc4851f9

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/pam_ldap-164-2.i586.rpm
        46766 a3c4b3bbab2d7290d2bc261f9c0698c4

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/pam_ldap-148-3.src.rpm
       112233 b14f45cf7f7984508e8701e421e9cddc

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/pam_ldap-148-3.i586.rpm
        70546 7b5f75094e2fe3a23eb6f3adf9360e3e

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/pam_ldap-148-3.src.rpm
       112233 bc22f3981e361c678c94d8a1a7267265

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/pam_ldap-148-3.i586.rpm
        70479 13ff9d979ce83fbb5e184fdd47c82f19

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/pam_ldap-148-3.src.rpm
       112233 a0bf03f447c276c1f97b86b866481d05

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/pam_ldap-148-3.i586.rpm
        68845 9090da288e7065668fc2a80c20ee0cb4

 <Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/pam_ldap-148-3.src.rpm
       112233 b228193e8a1fc9d7f634e9b126b8211c

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/pam_ldap-148-3.i586.rpm
        68821 9173b4b8d339f6e8bf052de1b9e105a0


 References:

 CVE
   [CAN-2005-2069]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069

 --------------------------------------------------------------------------
 Revision History
    29 Aug 2005 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2005 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDEptmK0LzjOqIJMwRAuklAJ4scKXcvC0PPVZSaFlVKcE3tp4U+wCeINDc
ImW0VlWBo656jc488UpVbEg=
=GGL1
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.