CVE-2017-11501

Name of the Vulnerable Software and Affected Versions NixOS versions 17.03 and earlier

Description The issue concerns an unintended default absence of SSL Certificate Validation for LDAP in NixOS. Specifically, the users.ldap NixOS module, which implements user authentication against LDAP servers via a PAM module, unconditionally disables peer verification in /etc/ldap.conf when TLS is enabled to connect to the LDAP server with users.ldap.useTLS.

Recommendations For NixOS versions 17.03 and earlier, ensure that SSL Certificate Validation for LDAP is properly configured to prevent unintended disabling of peer verification. As a temporary workaround, consider manually enabling peer verification in /etc/ldap.conf until a proper fix is applied.