CVE-2006-5170

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 10-10-2006 06:06

Last modified: - 25-02-2022 08:20

Total changes: - 3

Description

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

7.5

Base score

10.0

6.4

Exploitability score

Impact score

Verification logic

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=4.0 AND edition=linux_kernel_2.6.9

vendor=fedoraproject AND product=fedora_core AND versionEndIncluding=core_3.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=4.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_desktop AND version=4.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_ibm_z_systems AND version=4.0_s390

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_ibm_z_systems AND version=4.0_s390x

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian AND version=4.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=4.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=4.0

vendor=Debian AND product=debian_linux AND version=3.1

Reference

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286
https://issues.rpath.com/browse/RPL-680
http://bugzilla.padl.com/show_bug.cgi?id=291
DSA-1203-Issue Tracking, Patch, Vendor Advisory
20880-Third Party Advisory, VDB Entry
1017153-Third Party Advisory, VDB Entry
22682-Third Party Advisory
22694-Third Party Advisory
22696-Third Party Advisory
RHSA-2006:0719-Vendor Advisory
22869-Third Party Advisory
SUSE-SR:2006:027-Broken Link, Vendor Advisory
23132-Third Party Advisory
GLSA-200612-19-Vendor Advisory
23428-Third Party Advisory
2006-0061-Broken Link, Third Party Advisory
22685-Third Party Advisory
MDKSA-2006:201-Third Party Advisory
ADV-2006-4319-Third Party Advisory
oval:org.mitre.oval:def:10418-Third Party Advisory
20061005 rPSA-2006-0183-1 nss_ldap-Third Party Advisory, VDB Entry

Keywords

CVE-2006-5170

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2006-5170

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures