| Revision Date: | 2013-04-29 | Version: | 11 | | Title: | pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. | | Description: | pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. | | Family: | unix | Class: | vulnerability | | Status: | ACCEPTED | Reference(s): | CVE-2005-2069
| | Platform(s): | CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
| Product(s): | | | Definition Synopsis | | OS Section: RHEL3, CentOS3 RHEL3 or CentOS3
The operating system installed on the system is Red Hat Enterprise Linux 3
OR CentOS Linux 3.x
AND Configuration section
openldap-devel is earlier than 0:2.0.27-20
OR openldap-clients is earlier than 0:2.0.27-20
OR nss_ldap is earlier than 0:207-17
OR openldap is earlier than 0:2.0.27-20
OR openldap-servers is earlier than 0:2.0.27-20
OR OS Section: RHEL4, CentOS4, Oracle Linux 4
RHEL4, CentOS4 or Oracle Linux 4
The operating system installed on the system is Red Hat Enterprise Linux 4
OR CentOS Linux 4.x
OR Oracle Linux 4.x
AND Configuration section
compat-openldap is earlier than 0:2.1.30-4
OR openldap-devel is earlier than 0:2.2.13-4
OR openldap-clients is earlier than 0:2.2.13-4
OR nss_ldap is earlier than 0:226-10
OR openldap is earlier than 0:2.2.13-4
OR openldap-servers-sql is earlier than 0:2.2.13-4
OR openldap-servers is earlier than 0:2.2.13-4
|
|