|
|
>> pam_ldap "PasswordPolicyResponse" Control Messages Security Bypass Vulnerability
|
Title : pam_ldap "PasswordPolicyResponse" Control Messages Security Bypass Vulnerability
VUPEN ID : VUPEN/ADV-2006-4319
CVE ID : CVE-2006-5170
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-11-03
|
A vulnerability has been identified in pam_ldap, which could be exploited by attackers to bypass security restrictions. This flaw is due to an error when handling "PasswordPolicyResponse" control messages during LDAP authentication, which could be exploited by attackers to cause the "pam_authenticate()" function to succeed allowing them to gain unauthorized access to a vulnerable application.
Affected Products
pam_ldap versions prior to 183
Solution
Upgrade to pam_ldap version 183 :
http://www.padl.com/download/pam_ldap.tgz
References
http://www.vupen.com/english/advisories/2006/4319
http://bugzilla.padl.com/show_bug.cgi?id=291
Credits
Vulnerability reported by Steve Rigler
ChangeLog
2006-11-03 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
