pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

oval:org.mitre.oval:def:10418

Family: unix
Status: ACCEPTED
Platform(s):
  • CentOS Linux 4
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
Class: vulnerability
Reference(s):
  • CVE-2006-5170
Product(s):