|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200509-04] phpLDAPadmin: Authentication bypass Vulnerability Scan
Vulnerability Scan Summary phpLDAPadmin: Authentication bypass
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200509-04
(phpLDAPadmin: Authentication bypass)
Alexander Gerasiov discovered a flaw in login.php preventing the
application from validating whether anonymous bind has been disabled in
the target LDAP server configuration.
Impact
Anonymous users can access the LDAP server, even if the
"disable_anon_bind" parameter was explicitly set to avoid this.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2654
http://secunia.com/advisories/16611/
Solution:
All phpLDAPadmin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nds/phpldapadmin-0.9.7_alpha6"
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|