Message-ID: <45257d32.nX3eZj6a/TBOxq3W%announce-noreply@rpath.com>
Date: Thu, 05 Oct 2006 17:46:26 -0400
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com,
update-announce@...ts.rpath.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
lwn@....net
Subject: rPSA-2006-0183-1 nss_ldap

rPath Security Advisory: 2006-0183-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Deterministic Unauthorized Access
Updated Versions:
nss_ldap=/conary.rpath.com@rpl:devel//1/239-9.1-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170
https://issues.rpath.com/browse/RPL-680
Description:
Previous versions of the nss_ldap package do not properly handle
accounts locked using the PasswordPolicyResponse control response,
allowing potential unauthorized access from locked accounts when
systems are configured to use LDAP authentication. rPath Linux
is not configured to use LDAP authentication by default.
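
Added example, not part of the rPath advisory and not nss_ldap code: one way an LDAP client can fail closed on the password policy response control named in the description. It assumes the control value layout from the LDAP password policy Internet-Draft (optional warning [0], optional error [1] ENUMERATED with accountLocked = 1); all function names are hypothetical and the sample byte strings are constructed.

```c
#include <stddef.h>
/* error ENUMERATED values per the password policy draft (assumed layout) */
enum { PP_MALFORMED = -2, PP_NONE = -1, PP_LOCKED = 1, PP_CHANGE_AFTER_RESET = 2 };
enum { AUTH_DENY, AUTH_ALLOW, AUTH_NEW_PASSWORD };
/* Constructed control values: error=accountLocked; warning only (2 grace logins) */
static const unsigned char SAMPLE_LOCKED[] = { 0x30, 0x03, 0x81, 0x01, 0x01 };
static const unsigned char SAMPLE_GRACE[] = { 0x30, 0x05, 0xA0, 0x03, 0x81, 0x01, 0x02 };

/* Read one BER header with a short-form length (< 128) at *pos. */
static int ber_header(const unsigned char *b, size_t len, size_t *pos,
                      unsigned char *tag, size_t *vlen)
{
    if (len - *pos < 2 || (b[*pos + 1] & 0x80))
        return -1;
    *tag = b[*pos];
    *vlen = b[*pos + 1];
    *pos += 2;
    return (*vlen <= len - *pos) ? 0 : -1;
}

/* Return the error element (0..8), PP_NONE if absent, PP_MALFORMED if invalid. */
int ppolicy_error(const unsigned char *val, size_t len)
{
    size_t pos = 0, vlen;
    unsigned char tag;
    if (ber_header(val, len, &pos, &tag, &vlen) || tag != 0x30 || pos + vlen != len)
        return PP_MALFORMED;
    while (pos < len) {
        if (ber_header(val, len, &pos, &tag, &vlen))
            return PP_MALFORMED;
        if (tag == 0x81)              /* error [1] ENUMERATED */
            return (vlen == 1 && val[pos] <= 8) ? val[pos] : PP_MALFORMED;
        if (tag != 0xA0)              /* only warning [0] may precede it */
            return PP_MALFORMED;
        pos += vlen;                  /* skip the warning CHOICE */
    }
    return PP_NONE;
}

/* Login outcome; ctrl == NULL means no control was returned. Locked, expired,
 * any other error, or a malformed value is denied (fail closed). */
int auth_decision(int bind_ok, const unsigned char *ctrl, size_t len)
{
    int err = ctrl ? ppolicy_error(ctrl, len) : PP_NONE;
    if (!bind_ok)
        return AUTH_DENY;
    if (err == PP_NONE)
        return AUTH_ALLOW;
    return err == PP_CHANGE_AFTER_RESET ? AUTH_NEW_PASSWORD : AUTH_DENY;
}
/* Exit status 0 when the constructed locked-account sample is denied. */
int main(void) { return auth_decision(1, SAMPLE_LOCKED, sizeof SAMPLE_LOCKED) != AUTH_DENY; }
```

The decision function denies on a locked account even when the caller recorded the bind as successful, so a mishandled bind result alone cannot grant access.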