Bug 1617681 (CVE-2005-2069) - CVE-2005-2069 security flaw
Summary: CVE-2005-2069 security flaw
Alias: CVE-2005-2069
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2018-08-16 04:22 UTC by Stephen Herr
Modified: 2023-08-10 11:25 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-08-16 04:22:46 UTC

Attachments (Terms of Use)

Description Stephen Herr 2018-08-16 04:22:38 UTC
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.

Comment 1 Stephen Herr 2018-08-16 16:22:40 UTC
MITRE description:

pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.

Comment 2 Stephen Herr 2019-06-13 19:24:17 UTC

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Red Hat Enterprise Linux 8 is not vulnerable to this issue.

Comment 3 Jan Pazdziora 2023-07-25 15:28:00 UTC

while doing review of the Vulnerability Assessment report of RHEL 8.6 for the purpose of Common Criteria certification, we came across this CVE-2005-2069. The CVE page https://access.redhat.com/security/cve/CVE-2005-2069 does not list RHEL 8. Therefore, it is not clear if the patch mentioned there for RHEL 5 is still present in the RHEL 8 package.

Could the CVE page be updated with Red Hat's official statement about this CVE in RHEL 8?

Thank you, Jan

Comment 4 Petr Matousek 2023-08-10 11:25:54 UTC
(In reply to Jan Pazdziora from comment #3)
> Could the CVE page be updated with Red Hat's official statement about this
> CVE in RHEL 8?

added statement

Note You need to log in before you can comment on or make changes to this bug.