Headline
CVE-2006-5170: 207286 – CVE-2006-5170 When using LDAP for authentication, xscreensaver allows access if account locked out.
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
Bug 207286 - CVE-2006-5170 When using LDAP for authentication, xscreensaver allows access if account locked out.
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: nss_ldap
Version: 4.4
Hardware: x86_64
OS: Linux
Priority: medium
Severity: high
Target Milestone: —
Target Release: —
Assignee: Nalin Dahyabhai
QA Contact: Jay Turner
Whiteboard: impact=moderate,source=redhat,public=…
Reported: 2006-09-20 14:27 UTC by Steve Rigler
Modified: 2015-01-08 00:14 UTC
CC List: 6 users
Fixed In Version: RHSA-2006-0719
Doc Type: Bug Fix
Last Closed: 2006-11-15 14:26:05 UTC
Attachments
tcpdump output (11.10 KB, application/x-extension-out), 2006-09-22 12:29 UTC, Steve Rigler, no flags
updated source package with proposed patch (362.02 KB, application/octet-stream), 2006-09-22 22:01 UTC, Nalin Dahyabhai, no flags
Links
System: PADL Software; ID: 291; Private: 0; Priority: None; Status: None; Summary: None; Last Updated: Never
System: Red Hat Product Errata; ID: RHSA-2006:0719; Private: 0; Priority: normal; Status: SHIPPED_LIVE; Summary: Moderate: nss_ldap security update; Last Updated: 2006-11-15 14:26:02 UTC