First published: Wed Oct 04 2006(Updated: )
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Enterprise Linux | =4.0 | |
Fedoraproject Fedora Core | <=core_3.0 | |
Redhat Enterprise Linux | =4.0 | |
Redhat Enterprise Linux Desktop | =4.0 | |
Redhat Enterprise Linux Server | =4.0 | |
Redhat Enterprise Linux Workstation | =4.0 | |
Redhat Enterprise Linux For Ibm Z Systems | =4.0_s390x | |
Redhat Enterprise Linux For Ibm Z Systems | =4.0_s390 | |
Redhat Enterprise Linux For Power Big Endian | =4.0 | |
Debian Debian Linux | =3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.