CVE-2006-5170

Severity

75%

Complexity

99%

Confidentiality

106%

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 18 years ago

2006-10-10 04:06:00

Last updated 6 years ago

2018-10-17 21:41:00

Affected Software

Red Hat fedora_core

References

http://bugzilla.padl.com/show_bug.cgi?id=291

RHSA-2006:0719

22682

22685

22694

22696

22869

23132

23428

GLSA-200612-19

1017153

DSA-1203

MDKSA-2006:201

SUSE-SR:2006:027

20061005 rPSA-2006-0183-1 nss_ldap

20880

2006-0061

ADV-2006-4319

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286

https://issues.rpath.com/browse/RPL-680

oval:org.mitre.oval:def:10418

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.