Full Disclosure mailing list archives
rPSA-2006-0183-1 nss_ldap
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Thu, 05 Oct 2006 17:46:26 -0400
rPath Security Advisory: 2006-0183-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Deterministic Unauthorized Access
Updated Versions:
    nss_ldap=/conary.rpath.com@rpl:devel//1/239-9.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170
    https://issues.rpath.com/browse/RPL-680

Description:
    Previous versions of the nss_ldap package do not properly handle
    accounts locked using the PasswordPolicyResponse control response,
    allowing potential unauthorized access from locked accounts when
    systems are configured to use LDAP authentication. rPath Linux is
    not configured to use LDAP authentication by default.
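The check the advisory's description turns on, as an added example (not code from rPath or from nss_ldap): decode a PasswordPolicyResponse control value and refuse the login when it reports accountLocked. It assumes the value is encoded as in draft-behera-ldap-password-policy with short-form BER lengths; the function names and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Return codes; 0..8 are the draft's error values (1 = accountLocked). */
enum { PP_MALFORMED = -2, PP_NO_ERROR = -1, PP_ACCOUNT_LOCKED = 1 };

/* Read one BER TLV with a short-form (<128) length; returns 0 on success. */
static int read_tlv(const uint8_t *p, size_t n, uint8_t *tag,
                    const uint8_t **val, size_t *len)
{
    if (n < 2 || (p[1] & 0x80) || (size_t)p[1] > n - 2)
        return -1;
    *tag = p[0]; *val = p + 2; *len = p[1];
    return 0;
}

/* Extract the optional error [1] ENUMERATED from PasswordPolicyResponseValue. */
int ppolicy_error(const uint8_t *buf, size_t n)
{
    uint8_t tag; const uint8_t *v, *seq; size_t len, left;
    if (read_tlv(buf, n, &tag, &seq, &left) || tag != 0x30 || left != n - 2)
        return PP_MALFORMED;
    while (left > 0) {
        if (read_tlv(seq, left, &tag, &v, &len))
            return PP_MALFORMED;
        if (tag == 0x81)                 /* error [1], implicit ENUMERATED */
            return (len == 1 && v[0] <= 8) ? v[0] : PP_MALFORMED;
        if (tag != 0xA0)                 /* only warning [0] may precede it */
            return PP_MALFORMED;
        left -= 2 + len;
        seq = v + len;
    }
    return PP_NO_ERROR;
}

/* Fail closed: allow only a successful bind whose control, if present, parses
   cleanly and reports no error (any error denies, not just accountLocked). */
int login_allowed(int bind_result, const uint8_t *ctrl, size_t n)
{
    if (bind_result != 0) return 0;
    if (ctrl == NULL) return 1;
    return ppolicy_error(ctrl, n) == PP_NO_ERROR;
}

/* Constructed sample control values, not captured traffic. */
const uint8_t SAMPLE_LOCKED[]  = { 0x30, 0x03, 0x81, 0x01, 0x01 };
const uint8_t SAMPLE_WARNING[] = { 0x30, 0x05, 0xA0, 0x03, 0x80, 0x01, 0x3C };
/* Exit status 0 means the locked sample was denied. */
int main(void) { return login_allowed(0, SAMPLE_LOCKED, sizeof SAMPLE_LOCKED); }
```

A production PAM module would treat some errors differently, for example mapping changeAfterReset to a forced password change instead of a denial.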