CVE-2005-2654

Name	CVE-2005-2654
Description	phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-790-1
Debian Bugs	322423

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
phpldapadmin (PTS)	jessie, jessie (lts)	1.2.2-5.2+deb8u3	fixed
	bookworm	1.2.6.3-0.3+deb12u1	fixed
	sid, trixie	1.2.6.7-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
egroupware	source	(unstable)	(not affected)
phpldapadmin	source	sarge	0.9.5-3sarge2	medium	DSA-790-1
phpldapadmin	source	(unstable)	0.9.6c-5	medium		322423

- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)