CVE-2017-11501
Published: Jul 20, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://openwall.com/lists/oss-security/2017/07/20/1
x_refsource_CONFIRM
https://groups.google.com/forum/#%21topic/nix-security-announce/qrDU0KH_ZRk
x_refsource_CONFIRM
https://github.com/NixOS/nixpkgs/issues/27506
x_refsource_CONFIRM