oss-sec mailing list archives

nss-pam-ldapd security advisory (CVE-2011-0438)


From: Arthur de Jong <arthur () arthurdejong org>
Date: Wed, 09 Mar 2011 22:57:14 +0100


Russell Sim discovered a serious security vulnerability in development
release 0.8.0 of nss-pam-ldapd that allows authentication with an
incorrect password for local user accounts.

The PAM module will erroneously return a success code when the user
cannot be found in LDAP. Exploitability depends on the details of the
PAM configuration but on systems that don't use the minimum_uid PAM
option it may be possible to log in to any local account, including
root.

This problem only affects the 0.8.0 development release of
nss-pam-ldapd. Earlier releases are not affected.

This problem has been assigned CVE-2011-0438.

More details are available at:
http://arthurdejong.org/nss-pam-ldapd/news.html#20110309

Affected users are advised to apply the attached patch, upgrade to 0.8.1
(which will be released shortly), downgrade to 0.7.13 or disable
nss-pam-ldapd's PAM module.

-- 
-- arthur - arthur () arthurdejong org - http://arthurdejong.org --

Attachment: nss-pam-ldapd-0.8.0-authentication-bypass-fix.patch
Description:
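
A configuration check for the exposure condition the advisory names, added here as an example (not part of the original message or of nss-pam-ldapd): it lists every PAM line that loads the module and reports whether minimum_uid is set. It assumes the module file is named pam_ldap.so and the option is written minimum_uid=UID; the sample configuration is constructed.

```python
import re

# Constructed sample of an /etc/pam.d service file (not taken from the advisory).
SAMPLE = """\
# /etc/pam.d/common-auth (constructed)
auth  [success=2 default=ignore]  pam_unix.so nullok_secure
auth  sufficient  pam_ldap.so use_first_pass
account  [success=1 default=ignore]  pam_ldap.so \\
         minimum_uid=1000
-session optional /lib/security/pam_ldap.so
"""

# type, control (simple keyword or [bracketed] form), module path, arguments
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def logical_lines(text):
    """Strip comments and join backslash-continued lines; yield (first_line_no, text)."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, (buf + line).strip()
        buf, start = "", 0

def audit(text, module="pam_ldap.so"):
    """Return (line_no, pam_type, minimum_uid or None) for each line loading module."""
    findings = []
    for no, line in logical_lines(text):
        m = LINE.match(line)
        if not m or m.group(3).rsplit("/", 1)[-1] != module:
            continue
        uid = None
        for arg in m.group(4).split():
            if arg.startswith("minimum_uid="):
                uid = arg.split("=", 1)[1]
        findings.append((no, m.group(1), uid))
    return findings

if __name__ == "__main__":
    for no, kind, uid in audit(SAMPLE):
        state = f"minimum_uid={uid}" if uid else "NO minimum_uid (local accounts in scope)"
        print(f"line {no}: {kind:8} pam_ldap.so  {state}")
```

A line reported without minimum_uid marks a configuration where the advisory's worst case applies on 0.8.0; the remedies remain the ones listed in the message.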
