rPSA-2006-0183-1 nss_ldap Oct 05 2006 09:46PM
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2006-0183-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Deterministic Unauthorized Access
Updated Versions:
nss_ldap=/conary.rpath.com@rpl:devel//1/239-9.1-1

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170
https://issues.rpath.com/browse/RPL-680

Description:
Previous versions of the nss_ldap package do not properly handle
accounts locked using the PasswordPolicyResponse control response,
allowing potential unauthorized access from locked accounts when
systems are configured to use LDAP authentication. rPath Linux
is not configured to use LDAP authentication by default.
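
The following added example, which is not code from nss_ldap or rPath, shows the kind of client-side check the description refers to: it decodes the value of a PasswordPolicyResponse control returned with an LDAP bind and refuses the login when the control reports accountLocked. The control OID and ASN.1 layout are taken from draft-behera-ldap-password-policy; the function names and sample bytes are constructed, and denying on any policy error is this example's assumption.

```python
# Added example (not nss_ldap/pam_ldap code): fail-closed PasswordPolicyResponse check.
PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1"  # from draft-behera-ldap-password-policy
PPOLICY_ERRORS = {0: "passwordExpired", 1: "accountLocked", 2: "changeAfterReset"}

def _tlv(buf, pos):
    """Read one definite-length BER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def parse_ppolicy_error(value):
    """Decode PasswordPolicyResponseValue; return the error code or None."""
    tag, body, _ = _tlv(value, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    error, pos = None, 0
    while pos < len(body):
        tag, val, pos = _tlv(body, pos)  # warning [0] (tag 0xA0) is skipped
        if tag == 0x81:  # error [1]: ENUMERATED, implicitly tagged
            if not val:
                raise ValueError("empty error value")
            error = int.from_bytes(val, "big", signed=True)
    return error

def login_permitted(result_code, controls):
    """controls: (oid, value) pairs from the bind response. Returns (ok, reason)."""
    if result_code != 0:
        return False, "bind failed"
    for oid, value in controls:
        if oid != PPOLICY_OID or not value:
            continue
        try:
            error = parse_ppolicy_error(value)
        except ValueError:
            return False, "malformed control"  # fail closed on undecodable input
        if error is not None:  # assumption: any policy error denies the login
            return False, PPOLICY_ERRORS.get(error, "policyError(%d)" % error)
    return True, "ok"
```
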
