CVE - CVE-2006-5170

CVE-ID
CVE-2006-5170	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1017153 URL:http://securitytracker.com/id?1017153 MISC:2006-0061 URL:~~http://www.trustix.org/errata/2006/0061/~~ (Obsolete source - check if archived by the Wayback Machine) MISC:20061005 rPSA-2006-0183-1 nss_ldap URL:http://www.securityfocus.com/archive/1/447859/100/200/threaded MISC:20880 URL:http://www.securityfocus.com/bid/20880 MISC:22682 URL:http://secunia.com/advisories/22682 MISC:22685 URL:http://secunia.com/advisories/22685 MISC:22694 URL:http://secunia.com/advisories/22694 MISC:22696 URL:http://secunia.com/advisories/22696 MISC:22869 URL:http://secunia.com/advisories/22869 MISC:23132 URL:http://secunia.com/advisories/23132 MISC:23428 URL:http://secunia.com/advisories/23428 MISC:ADV-2006-4319 URL:~~http://www.vupen.com/english/advisories/2006/4319~~ (Obsolete source) MISC:DSA-1203 URL:http://www.debian.org/security/2006/dsa-1203 MISC:GLSA-200612-19 URL:http://security.gentoo.org/glsa/glsa-200612-19.xml MISC:MDKSA-2006:201 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:201~~ (Obsolete source) MISC:RHSA-2006:0719 URL:http://rhn.redhat.com/errata/RHSA-2006-0719.html MISC:SUSE-SR:2006:027 URL:http://www.novell.com/linux/security/advisories/2006_27_sr.html MISC:http://bugzilla.padl.com/show_bug.cgi?id=291 URL:http://bugzilla.padl.com/show_bug.cgi?id=291 MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286 URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286 MISC:https://issues.rpath.com/browse/RPL-680 URL:https://issues.rpath.com/browse/RPL-680 MISC:oval:org.mitre.oval:def:10418 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10418
Assigning CNA
Red Hat, Inc.
Date Record Created
20061004	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061004)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)