|
Family: Debian Local Security Checks --> Category: infos
[DSA790] DSA-790-1 phpldapadmin Vulnerability Scan
Vulnerability Scan Summary DSA-790-1 phpldapadmin
Detailed Explanation for this Vulnerability Test
Alexander Gerasiov discovered that phpldapadmin, a web based interface
for administering LDAP servers, allows anybody to access the LDAP
server anonymously, even if this is disabled in the configuration with
the "disable_anon_bind" statement.
The old stable distribution (woody) is not vulnerable to this problem.
For the stable distribution (sarge) this problem has been fixed in
version 0.9.5-3sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 0.9.6c-5.
We recommend that you upgrade your phpldapadmin package.
Solution : http://www.debian.org/security/2005/dsa-790
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|