Vulnerability Description
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Padl | Nss Ldap | - |
| Padl | Pam Ldap | - |
| Openldap | Openldap | All versions |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0060.htmlBroken Link
- http://bugs.gentoo.org/show_bug.cgi?id=96767Third Party Advisory
- http://bugzilla.padl.com/show_bug.cgi?id=210Issue TrackingPatchVendor Advisory
- http://bugzilla.padl.com/show_bug.cgi?id=211Issue TrackingVendor Advisory
- http://secunia.com/advisories/17233Third Party Advisory
- http://secunia.com/advisories/17845Third Party Advisory
- http://secunia.com/advisories/21520Third Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-157.htmThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200507-13.xmlThird Party Advisory
- http://www.openldap.org/its/index.cgi/Incoming?id=3791PatchVendor Advisory
- http://www.osvdb.org/17692Broken Link
- http://www.redhat.com/support/errata/RHSA-2005-751.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2005-767.htmlThird Party Advisory
- http://www.securityfocus.com/bid/14125Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/14126Third Party AdvisoryVDB Entry
FAQ
What is CVE-2005-2069?
CVE-2005-2069 is a vulnerability with a CVSS score of 5.0 (MEDIUM). pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to ...
How severe is CVE-2005-2069?
CVE-2005-2069 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2069?
Check the references section above for vendor advisories and patch information. Affected products include: Padl Nss Ldap, Padl Pam Ldap, Openldap Openldap.