Ubuntu Security Notice USN-152-1 - Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and libnss-ldap. When a client connected to a slave LDAP server using SSL, the slave server did not use SSL as well when contacting the LDAP master server. This caused passwords and other confident information to be transmitted unencrypted between the slave and the master.
7cd4899c62267a74e9a03bb6d99544b1b9e4c73212466fcde94777b63ec4abaaGentoo Linux Security Advisory GLSA 200507-13 - Rob Holland of the Gentoo Security Audit Team discovered that pam_ldap and nss_ldap fail to use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the ssl start_tls ldap.conf setting. Versions less than 239-r1 are affected.
5b8aaa3f14db6558932ea4bd793a3667254531043fda71da7b556f17c6f6d1e5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed