From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Jun 4 21:48:59 2014 Return-Path: Delivered-To: freebsd-ports-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 23836123 for ; Wed, 4 Jun 2014 21:48:59 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E615D286C for ; Wed, 4 Jun 2014 21:48:58 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s54LmwJu007227 for ; Wed, 4 Jun 2014 22:48:58 +0100 (BST) (envelope-from bz-noreply@freebsd.org) From: bz-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 190629] New: authentication bypass in Horde_Ldap Date: Wed, 04 Jun 2014 21:48:59 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports Tree X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: peo@bsdlabs.com X-Bugzilla-Status: Needs Triage X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2014 21:48:59 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=190629 Bug ID: 190629 Summary: authentication bypass in Horde_Ldap Product: Ports Tree Version: Latest Hardware: Any OS: Any Status: Needs Triage Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: peo@bsdlabs.com an authentication bypass vulnerability has been discovered in the Horde_Ldap library that's being used by all components of the Horde project that communicate with LDAP servers. A fixed version has been released and everybody using LDAP in their Horde installations is advised to upgrade to Horde_Ldap 2.0.6 as soon as possible. So far only certain setups have been confirmed to be exploitable: The system must use LDAP for authentication, an LDAP user must have been specified for binding (as opposed to anonymous binding), that LDAP user must have the same parent DN like the system users, and the attacker must guess the binding user's name. In this case the attacker can login with the guessed name and an empty password. Whether this actually allows for further access to data or to the system, completely depends on the individual setup. It's possible that other mitigation factors exist though, that haven't been discovered yet. Thanks to Matthew Daley for detecting and reporting this vulnerability. -- You are receiving this mail because: You are the assignee for the bug.