CVE-2006-5170 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-5170
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5170

Description: pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

CVE Status: Candidate

References: TRUSTIX http://www.trustix.org/errata/2006/0061/ SUSE http://www.novell.com/linux/security/advisories/2006_27_sr.html ST 1017153 SAID Secunia Advisory: SA22869 Secunia Advisory: SA22696 Secunia Advisory: SA22694 Secunia Advisory: SA22682 Secunia Advisory: SA23132 Secunia Advisory: SA23428 Secunia Advisory: SA22685 REDHAT http://rhn.redhat.com/errata/RHSA-2006-0719.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:201 GENTOO http://security.gentoo.org/glsa/glsa-200612-19.xml DEBIAN http://www.debian.org/security/2006/dsa-1203 CONFIRM http://bugzilla.padl.com/show_bug.cgi?id=291 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/447859/100/200/threaded BID 20880

Return to the previous page.