{"vuid":"VU#778916","idnumber":"778916","name":"pam_ldap authentication bypass vulnerability","keywords":["pam_ldap","authentication bypass","error field","PasswordPolicyResponseValue","LDAP server","BindResponseresultCode"],"overview":"An error in the pam_ldap password policy control may allow a remote attacker to gain access to a system.","clean_desc":"pam_ldap provides LDAP authentication services for UNIX-based systems. A vulnerability in pam_ldap may allow a remote attacker to bypass the authentication mechanism. If a pam_ldap client attempts to authenticate against an LDAP server that omits the optional error value from the PasswordPolicyResponseValue, the authentication attempt will always succeed. Note that this vulnerability affects all versions of pam_ldap since version pam_ldap-169. However, if the underlying LDAP client library does not support LDAP version 3 controls, then this vulnerability is not present.","impact":"An unauthenticated, remote attacker may be able to bypass the pam_ldap authentication mechanism and gain access to a system, possibly with elevated privileges.","resolution":"Upgrade pam_ldap\nThis vulnerability was corrected in pam_ldap-180.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Luke Howard of \nPADL","author":"This document was written by Jeff Gennari.","public":["http://www.padl.com/OSS/pam_ldap.html","http://secunia.com/advisories/16518/"],"cveids":["CVE-2005-2641"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-08-16T15:24:48Z","publicdate":"2005-08-24T00:00:00Z","datefirstpublished":"2005-08-24T17:07:56Z","dateupdated":"2005-11-02T17:47:30Z","revision":66,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"13","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"18","cam_impact":"15","cam_easeofexploitation":"7","cam_attackeraccessrequired":"10","cam_scorecurrent":"8.150625","cam_scorecurrentwidelyknown":"10.63125","cam_scorecurrentwidelyknownexploited":"17.71875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.150625,"vulnote":null}