CVE-2005-2069
Published: 30 June 2005
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Priority
Status
Package | Release | Status |
---|---|---|
libnss-ldap Launchpad, Ubuntu, Debian |
dapper |
Released
(238-1.1ubuntu1)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
upstream |
Needs triage
|
|
openldap2 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.1.30-12ubuntu3)
|
edgy |
Released
(2.1.30-12ubuntu3)
|
|
feisty |
Released
(2.1.30-12ubuntu3)
|
|
upstream |
Needs triage
|
|
openldap2.2 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.2.26-5ubuntu2.2)
|
edgy |
Released
(2.2.26-5ubuntu3.1)
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
openldap2.3 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Released
(2.3.30-2)
|
|
upstream |
Needs triage
|