CVE-2006-5170
Published: 10 October 2006
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
Priority
Status
Package | Release | Status |
---|---|---|
libpam-ldap Launchpad, Ubuntu, Debian |
dapper |
Released
(180-1ubuntu0.6.06)
|
edgy |
Released
(180-1ubuntu0.6.10)
|
|
feisty |
Released
(180-1.7)
|
|
upstream |
Needs triage
|