作者 主題: 【轉載】login_ldap Module Unauthorized Access Vulnerability  (閱讀 3437 次)

0 會員 與 1 訪客 正在閱讀本文。

zoob

  • 鑽研的研究生
  • *****
  • 文章數: 776
    • 檢視個人資料
    • http://www.myunix.idv.tw
A vulnerability has been discovered in the login_ldap module. The issue occurs when the module is used in conjunction with specific LDAP server configurations.
It may be possible for an attacker to gain anonymous authorization on affected systems running login_ldap. Multiple versions of at least one LDAP server, OpenLDAP, ships with a default configuration that allows exploitation of this vulnerability.

Peter Werner login_ldap 3.1、login_ldap 3.2請儘速升級至login_ldap 3.3版

http://www.ifost.org.au/~peterw/login_ldap-3.3.tar.gz

詳情請參考以下網址
http://www.securityfocus.com/bid/6903/info/