Showing 1 - 1 of 1

CVE-2007-6714

Status Candidate

Overview

DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.

Related Files

Gentoo Linux Security Advisory 200804-24: Posted Apr 19, 2008; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200804-24 - A vulnerability in DBMail's authldap module when used in conjunction with an Active Directory server has been reported by vugluskr. When passing a zero length password to the module, it tries to bind anonymously to the LDAP server. If the LDAP server allows anonymous binds, this bind succeeds and results in a successful authentication to DBMail. Versions less than 2.2.9 are affected.; tags | advisory; systems | linux, gentoo; advisories | CVE-2007-6714; SHA-256 | fe44176bfcfe03ca8cc442fd07b97a05a599eebd360d1ecf7c08b76a0f4853a3; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 56 files
Debian 19 files
LiquidWorm 18 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Chokri Hammedi 3 files
Alter Prime 3 files
Valentin Lobstein 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,937)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,979)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2007-6714

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems