CVE-2006-5170
Published Oct 10, 2006
Last updated 3 years ago
Overview
- Description
- pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-755
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora_core:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9E92E73-CF09-41C6-81DB-433CB5567740",
"versionEndIncluding": "core_3.0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:linux_kernel_2.6.9:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A4A962F-3512-40C5-8860-F3212E441494"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6172AF57-B26D-45F8-BE3A-F75ABDF28F49"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:4.0_s390:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D61640B1-2E39-4999-9730-2C87B98B6E0F"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:4.0_s390x:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9477527F-31BE-407A-8FF6-CC1739347D30"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09B1AD66-4C59-4032-A6F6-703F56DC0CB2"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"
}
],
"operator": "OR"
}
]
}
]