Apple Computer, Inc. Not Affected

Notified:  August 19, 2005 Updated: October 10, 2005

Status

Not Affected

Vendor Statement

Mac OS X does not ship with pam_ldap.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Computer Associates Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Debian Linux Affected

Notified:  August 19, 2005 Updated: August 25, 2005

Status

Affected

Vendor Statement

Debian GNU/Linux is vulnerable to this problem. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 178-1sarge1. For the unstable distribution (sid) this problem has been fixed in version 178-1sarge1. This is DSA 785-1.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company Not Affected

Notified:  August 19, 2005 Updated: August 31, 2005

Status

Not Affected

Vendor Statement

HP-UX, HP Tru64 and HP OpenVMS are not vulnerable to this report. To report potential security vulnerabilities in HP software, send an E-mail message to: security-alert@hp.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi Not Affected

Updated:  September 15, 2005

Status

Not Affected

Vendor Statement

Hitachi Directory Server is NOT Vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc. Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc. Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Lotus Software Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mandriva, Inc. Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mandriva, Inc. Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Microsoft Corporation Not Affected

Notified:  August 19, 2005 Updated: September 28, 2005

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mirapoint, Inc. Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Netscape Communications Corporation Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc. Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OctetString, Inc. Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenLDAP Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Openwall GNU/*/Linux Not Affected

Notified:  August 19, 2005 Updated: September 06, 2005

Status

Not Affected

Vendor Statement

Openwall GNU/*/Linux is not vulnerable. We do not package pam_ldap.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Oracle Corporation Not Affected

Notified:  August 19, 2005 Updated: September 06, 2005

Status

Not Affected

Vendor Statement

Oracle does not ship pam_ldap with our OID product.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

PADL Affected

Notified:  August 16, 2005 Updated: August 25, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

From padl-180 changelog: "when handling new password policy control, only fall through to account management module if a policy error was returned (CERT VU#778916)."

QUALCOMM Incorporated Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Red Hat, Inc. Affected

Notified:  August 19, 2005 Updated: November 02, 2005

Status

Affected

Vendor Statement

This issue did not affect Red Hat Enterprise Linux 2.1, or 3. Updated nss_ldap packages for Red Hat Enterprise Linux 4 to correct this issue are available at the URL below and by using the Red Hat Network 'up2date' tool. http://rhn.redhat.com/errata/CVE-2005-2641.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sequent Computer Systems, Inc. Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc. Not Affected

Notified:  August 19, 2005 Updated: September 02, 2005

Status

Not Affected

Vendor Statement

Sun can confirm that Solaris is not affected by this issue. Solaris does not ship the PADL pam_ldap module or use any of the PADL code in the Solaris shipped pam_ldap(5) PAM module. Sun's Linux OS, which is part of the Java Desktop System (JDS) for Linux does not ship pam_ldap.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SUSE Linux Not Affected

Notified:  August 19, 2005 Updated: August 22, 2005

Status

Not Affected

Vendor Statement

SUSE products are not vulnerable to the pam_ldap vulnerability described in VU#778916.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group (SCO Linux) Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The Teamware Group Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux Unknown

Notified:  August 19, 2005 Updated: August 19, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

View all 32 vendors View less vendors