   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-111
pam_ldap "PasswordPolicyResponse" security bypass vulnerability

Original Issue Date: November 06, 2006

Severity Rating: Medium

Systems Affected

pam_ldap versions prior to 1.x

Overview

A vulnerability has been reported in the pam_ldap module which could be exploited by remote attackers to bypass authentication and the security restrictions that depend on it.

Description

A vulnerability has been reported in the pam_ldap module because it fails to generate an error condition when the bind performed against the LDAP directory server during authentication does not succeed. When pam_ldap requests and receives a "PasswordPolicyResponse" control as part of the bind process, it returns a successful result to libpam even if the bind, and therefore the authentication, has failed. As a result, a remote attacker can cause pam_authenticate() to return success for an account without supplying the correct password and thereby bypass the authentication checks of any service that authenticates through pam_ldap.
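The following is an added illustration, not code from pam_ldap or from this note. It is a constructed, simplified model of the failure mode described above: a flawed result-handling pattern in which the status of decoding the PasswordPolicyResponse control overwrites the status of the bind itself, placed beside a corrected pattern in which the bind result stays authoritative. The function names, the three scalar arguments and the numeric constants are assumptions chosen for the example; only the constant names mirror the real libldap/libpam headers.

```c
#include <assert.h>
#include <stdio.h>

/* Assumed stand-ins for the libldap/libpam constants. The names follow
 * the real headers; the exact values do not matter to the logic. */
#define LDAP_SUCCESS             0
#define LDAP_INVALID_CREDENTIALS 49
#define PAM_SUCCESS              0
#define PAM_AUTH_ERR             7

/*
 * Hypothetical model of a bind attempt:
 *   bind_rc        - LDAP result code of the bind operation itself
 *   has_ppolicy    - 1 if the server attached a PasswordPolicyResponse control
 *   ctrl_parse_rc  - result of decoding that control (LDAP_SUCCESS if it parsed)
 */

/* Flawed pattern: a single variable carries both the bind result and the
 * control-decoding result. A cleanly decoded control therefore clobbers
 * LDAP_INVALID_CREDENTIALS, and a failed bind is reported as success. */
int pam_result_flawed(int bind_rc, int has_ppolicy, int ctrl_parse_rc)
{
    int rc = bind_rc;

    if (has_ppolicy) {
        rc = ctrl_parse_rc;   /* overwrites the failed bind's status */
    }

    return (rc == LDAP_SUCCESS) ? PAM_SUCCESS : PAM_AUTH_ERR;
}

/* Corrected pattern: the bind result is checked on its own. The control
 * is decoded into a separate status and can only add information (for
 * example, a password-expiry warning); it can never turn a failed bind
 * into a successful authentication. An undecodable control is also
 * treated as a failure rather than silently ignored. */
int pam_result_fixed(int bind_rc, int has_ppolicy, int ctrl_parse_rc)
{
    int ctrl_rc = LDAP_SUCCESS;

    if (has_ppolicy) {
        ctrl_rc = ctrl_parse_rc;
    }

    if (bind_rc != LDAP_SUCCESS) {
        return PAM_AUTH_ERR;  /* wrong password: fail regardless of the control */
    }
    if (ctrl_rc != LDAP_SUCCESS) {
        return PAM_AUTH_ERR;  /* bind ok but control malformed: fail closed */
    }
    return PAM_SUCCESS;
}

int main(void)
{
    /* Constructed scenario: wrong password, server returns a well-formed
     * PasswordPolicyResponse control alongside the failed bind. */
    int flawed = pam_result_flawed(LDAP_INVALID_CREDENTIALS, 1, LDAP_SUCCESS);
    int fixed  = pam_result_fixed(LDAP_INVALID_CREDENTIALS, 1, LDAP_SUCCESS);

    printf("failed bind + ppolicy control -> flawed: %s, fixed: %s\n",
           flawed == PAM_SUCCESS ? "PAM_SUCCESS (bypass)" : "PAM_AUTH_ERR",
           fixed  == PAM_SUCCESS ? "PAM_SUCCESS (bypass)" : "PAM_AUTH_ERR");
    return 0;
}
```

The model shows why the bypass depends on the server sending the control: without a PasswordPolicyResponse control, the flawed path never overwrites the bind status and the wrong password is rejected as expected. When reviewing a patched module, the property to confirm is the one the corrected function encodes: the bind result code alone decides whether pam_authenticate() may return PAM_SUCCESS.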


Solution

Upgrade to pam_ldap version 1.x
http://www.padl.com/download/pam_ldap.tgz

References

Bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286

Secunia
http://secunia.com/advisories/22682/

FrSIRT
http://www.frsirt.com/english/advisories/2006/4319

CVE-Name
CVE-2006-5170


Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003