CVE-2006-5170

pam_ldap - Info Disclosure

Title source: llm

Description

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

References (21)

[Broken Link, Issue Tracking, Vendor Advisory] http://bugzilla.padl.com/show_bug.cgi?id=291

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2006-0719.html

[Third Party Advisory] http://secunia.com/advisories/22682

[Third Party Advisory] http://secunia.com/advisories/22685

[Third Party Advisory] http://secunia.com/advisories/22694

[Third Party Advisory] http://secunia.com/advisories/22696

[Third Party Advisory] http://secunia.com/advisories/22869

[Third Party Advisory] http://secunia.com/advisories/23132

[Third Party Advisory] http://secunia.com/advisories/23428

[Vendor Advisory] http://security.gentoo.org/glsa/glsa-200612-19.xml

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017153

[Issue Tracking, Patch, Vendor Advisory] http://www.debian.org/security/2006/dsa-1203

[Third Party Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2006:201

[Broken Link, Vendor Advisory] http://www.novell.com/linux/security/advisories/2006_27_sr.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/447859/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/20880

[Broken Link, Third Party Advisory] http://www.trustix.org/errata/2006/0061/

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4319

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286

[Broken Link, Third Party Advisory] https://issues.rpath.com/browse/RPL-680

... and 1 more

Scores

EPSS 0.0435

EPSS Percentile 88.8%

Classification

CWE

CWE-755

Status draft

Affected Products (10)

fedoraproject/fedora_core < core_3.0

redhat/enterprise_linux

redhat/enterprise_linux

redhat/enterprise_linux_desktop

redhat/enterprise_linux_for_ibm_z_systems

redhat/enterprise_linux_for_ibm_z_systems

redhat/enterprise_linux_for_power_big_endian

redhat/enterprise_linux_server

redhat/enterprise_linux_workstation

debian/debian_linux

Timeline

Published Oct 10, 2006

Tracked Since Feb 18, 2026