pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 00:18
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugzilla.padl.com/show_bug.cgi?id=291 - Broken Link, Issue Tracking, Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2006-0719.html - Vendor Advisory | |
References | () http://secunia.com/advisories/22682 - Third Party Advisory | |
References | () http://secunia.com/advisories/22685 - Third Party Advisory | |
References | () http://secunia.com/advisories/22694 - Third Party Advisory | |
References | () http://secunia.com/advisories/22696 - Third Party Advisory | |
References | () http://secunia.com/advisories/22869 - Third Party Advisory | |
References | () http://secunia.com/advisories/23132 - Third Party Advisory | |
References | () http://secunia.com/advisories/23428 - Third Party Advisory | |
References | () http://security.gentoo.org/glsa/glsa-200612-19.xml - Vendor Advisory | |
References | () http://securitytracker.com/id?1017153 - Third Party Advisory, VDB Entry | |
References | () http://www.debian.org/security/2006/dsa-1203 - Issue Tracking, Patch, Vendor Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDKSA-2006:201 - Third Party Advisory | |
References | () http://www.novell.com/linux/security/advisories/2006_27_sr.html - Broken Link, Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/447859/100/200/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/20880 - Third Party Advisory, VDB Entry | |
References | () http://www.trustix.org/errata/2006/0061/ - Broken Link, Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2006/4319 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286 - Issue Tracking, Vendor Advisory | |
References | () https://issues.rpath.com/browse/RPL-680 - Broken Link, Third Party Advisory | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10418 - Third Party Advisory |
Information
Published : 2006-10-10 04:06
Updated : 2024-11-21 00:18
NVD link : CVE-2006-5170
Mitre link : CVE-2006-5170
CVE.ORG link : CVE-2006-5170
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux
- enterprise_linux_desktop
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_for_power_big_endian
- enterprise_linux_workstation
fedoraproject
- fedora_core
debian
- debian_linux
CWE
CWE-755
Improper Handling of Exceptional Conditions