← back
CVE-2006-5170

CVE-2006-5170

EPSS 3.7%
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugzilla.padl.com/show_bug.cgi?id=291http://rhn.redhat.com/errata/RHSA-2006-0719.htmlhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286http://secunia.com/advisories/22682http://secunia.com/advisories/22685http://secunia.com/advisories/22694http://secunia.com/advisories/22696http://secunia.com/advisories/22869http://secunia.com/advisories/23132http://secunia.com/advisories/23428http://security.gentoo.org/glsa/glsa-200612-19.xmlhttp://securitytracker.com/id?1017153