Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-2940

The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.

Related bugs and status

CVE-2010-2940 (Candidate) is related to these bugs:

Bug #625734: Sync sssd 1.2.1-4 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	625734	Sync sssd 1.2.1-4 (universe) from Debian unstable (main)		sssd (Ubuntu)	Wishlist	Fix Released

Bug #893043: Update sssd to 1.5.15

Summary				In	Importance	Status
	893043	Update sssd to 1.5.15		sssd (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: https://bugzilla.redha...
MISC: https://exchange.xforc...