[Full-disclosure] rPSA-2006-0183-1 nss_ldap
rPath Update Announcements
announce-noreply at rpath.com
Thu Oct 5 22:46:26 BST 2006
rPath Security Advisory: 2006-0183-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
    Deterministic Unauthorized Access
Updated Versions:
    nss_ldap=/conary.rpath.com@rpl:devel//1/239-9.1-1
References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170
    https://issues.rpath.com/browse/RPL-680
Description:
    Previous versions of the nss_ldap package do not properly handle
    accounts locked using the PasswordPolicyResponse control response,
    allowing potential unauthorized access from locked accounts when
    systems are configured to use LDAP authentication. rPath Linux
    is not configured to use LDAP authentication by default.
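
Added example, not part of the rPath advisory and not nss_ldap code: a minimal C check that decodes the error field of a PasswordPolicyResponse control value and folds it into the login decision, so that a locked account is refused even when the control is the only signal. The BER layout follows the LDAP password policy Internet-Draft (draft-behera-ldap-password-policy); the function names, the sample byte strings and the fail-closed policy (deny on any policy error or malformed control) are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* error values of PasswordPolicyResponseValue; negative codes are local to this example */
enum { PP_MALFORMED = -2, PP_NO_ERROR = -1, PP_PASSWORD_EXPIRED = 0, PP_ACCOUNT_LOCKED = 1 };

/* Constructed sample control values (not captured traffic). */
static const unsigned char LOCKED[]    = {0x30, 0x03, 0x81, 0x01, 0x01};
static const unsigned char WARN_ONLY[] = {0x30, 0x06, 0xA0, 0x04, 0x80, 0x02, 0x02, 0x58};
static const unsigned char TRUNCATED[] = {0x30, 0x03, 0x81, 0x01};

/* Return the error ENUMERATED carried in a BER-encoded control value,
 * PP_NO_ERROR if the field is absent, PP_MALFORMED if the bytes do not parse.
 * Only short-form lengths are accepted (the value is at most a few bytes). */
int ppolicy_error(const unsigned char *v, size_t n)
{
    size_t i = 2;
    if (n < 2 || v[0] != 0x30 || v[1] >= 0x80 || (size_t)v[1] + 2 != n)
        return PP_MALFORMED;
    while (i < n) {
        unsigned char tag, len;
        if (n - i < 2) return PP_MALFORMED;
        tag = v[i]; len = v[i + 1];
        if (len >= 0x80 || len > n - i - 2) return PP_MALFORMED;
        if (tag == 0x81) return len == 1 ? v[i + 2] : PP_MALFORMED; /* error [1] */
        if (tag != 0xA0) return PP_MALFORMED;  /* warning [0] is the only other field */
        i += 2 + (size_t)len;
    }
    return PP_NO_ERROR;
}

/* 1 = allow, 0 = deny. The bind result code and the control are both checked;
 * a control that reports an error or cannot be parsed denies the login. */
int login_allowed(int bind_rc, const unsigned char *ctrl, size_t n)
{
    if (bind_rc != 0) return 0;
    if (ctrl == NULL) return 1;          /* server attached no policy control */
    return ppolicy_error(ctrl, n) == PP_NO_ERROR;
}

int main(void)
{
    printf("locked account:  %d\n", login_allowed(0, LOCKED, sizeof LOCKED));
    printf("warning only:    %d\n", login_allowed(0, WARN_ONLY, sizeof WARN_ONLY));
    printf("truncated value: %d\n", login_allowed(0, TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```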