Date: Thu, 05 Oct 2006 17:46:26 -0400
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com, update-announce@...ts.rpath.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, lwn@....net
Subject: rPSA-2006-0183-1 nss_ldap

rPath Security Advisory: 2006-0183-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Deterministic Unauthorized Access
Updated Versions:
    nss_ldap=/conary.rpath.com@rpl:devel//1/239-9.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170
    https://issues.rpath.com/browse/RPL-680

Description:
    Previous versions of the nss_ldap package do not properly handle
    accounts locked using the PasswordPolicyResponse control response,
    allowing potential unauthorized access from locked accounts when
    systems are configured to use LDAP authentication.

    rPath Linux is not configured to use LDAP authentication by default.