ID CVE-2006-5170
Summary pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:4.0:-:linux_kernel_2.6.9
    cpe:2.3:o:redhat:enterprise_linux:4.0:-:linux_kernel_2.6.9
  • cpe:2.3:o:redhat:fedora_core:core_3.0
    cpe:2.3:o:redhat:fedora_core:core_3.0
CVSS
Base: 7.5 (as of 10-10-2006 - 11:48)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0719.NASL
    description Updated nss_ldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. nss_ldap is a set of C library extensions that allow X.500 and LDAP directory servers to be used as primary sources for aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services, and shadow passwords. A flaw was found in the way nss_ldap handled a PasswordPolicyResponse control sent by an LDAP server. If an LDAP server responded to an authentication request with a PasswordPolicyResponse control, it was possible for an application using nss_ldap to improperly authenticate certain users. (CVE-2006-5170) This flaw was only exploitable within applications which did not properly process nss_ldap error messages. Only xscreensaver is currently known to exhibit this behavior. All users of nss_ldap should upgrade to these updated packages, which contain a backported patch that resolves this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 23676
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23676
    title RHEL 4 : nss_ldap (RHSA-2006:0719)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-201.NASL
    description Pam_ldap does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. This might lead to an attacker being able to login into a suspended system account. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 24586
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24586
    title Mandrake Linux Security Advisory : pam_ldap (MDKSA-2006:201)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1203.NASL
    description Steve Rigler discovered that the PAM module for authentication against LDAP servers processes PasswordPolicyReponse control messages incorrectly, which might lead to an attacker being able to login into a suspended system account.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22935
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22935
    title Debian DSA-1203-1 : libpam-ldap - programming error
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PAM_LDAP-2194.NASL
    description pam_ldap did not return an error conditions correctly when an LDAP directory server responded with a PasswordPolicyResponse control response, which caused the pam_authenticate function to return a success code even if authentication has failed. (CVE-2006-5170)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27381
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27381
    title openSUSE 10 Security Update : pam_ldap (pam_ldap-2194)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11259.NASL
    description pam_ldap in nss_ldap does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. (CVE-2006-5170)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41103
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41103
    title SuSE9 Security Update : pam_ldap (YOU Patch Number 11259)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0719.NASL
    description From Red Hat Security Advisory 2006:0719 : Updated nss_ldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. nss_ldap is a set of C library extensions that allow X.500 and LDAP directory servers to be used as primary sources for aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services, and shadow passwords. A flaw was found in the way nss_ldap handled a PasswordPolicyResponse control sent by an LDAP server. If an LDAP server responded to an authentication request with a PasswordPolicyResponse control, it was possible for an application using nss_ldap to improperly authenticate certain users. (CVE-2006-5170) This flaw was only exploitable within applications which did not properly process nss_ldap error messages. Only xscreensaver is currently known to exhibit this behavior. All users of nss_ldap should upgrade to these updated packages, which contain a backported patch that resolves this issue.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67415
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67415
    title Oracle Linux 4 : nss_ldap (ELSA-2006-0719)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PAM_LDAP-2196.NASL
    description pam_ldap in nss_ldap does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. (CVE-2006-5170)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29546
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29546
    title SuSE 10 Security Update : pam_ldap (ZYPP Patch Number 2196)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0719.NASL
    description Updated nss_ldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. nss_ldap is a set of C library extensions that allow X.500 and LDAP directory servers to be used as primary sources for aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services, and shadow passwords. A flaw was found in the way nss_ldap handled a PasswordPolicyResponse control sent by an LDAP server. If an LDAP server responded to an authentication request with a PasswordPolicyResponse control, it was possible for an application using nss_ldap to improperly authenticate certain users. (CVE-2006-5170) This flaw was only exploitable within applications which did not properly process nss_ldap error messages. Only xscreensaver is currently known to exhibit this behavior. All users of nss_ldap should upgrade to these updated packages, which contain a backported patch that resolves this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 36238
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36238
    title CentOS 4 : nss_ldap (CESA-2006:0719)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200612-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-200612-19 (pam_ldap: Authentication bypass vulnerability) Steve Rigler discovered that pam_ldap does not correctly handle 'PasswordPolicyResponse' control responses from an LDAP directory. This causes the pam_authenticate() function to always succeed, even if the previous authentication failed. Impact : A locked user may exploit this vulnerability to bypass the LDAP authentication mechanism, possibly gaining unauthorized access to the system. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 23956
    published 2006-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23956
    title GLSA-200612-19 : pam_ldap: Authentication bypass vulnerability
oval via4
accepted 2013-04-29T04:05:30.287-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
family unix
id oval:org.mitre.oval:def:10418
status accepted
submitted 2010-07-09T03:56:16-04:00
title pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
version 23
redhat via4
advisories
bugzilla
id 207286
title CVE-2006-5170 When using LDAP for authentication, xscreensaver allows access if account locked out.
oval
AND
  • comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
  • comment nss_ldap is earlier than 0:226-17
    oval oval:com.redhat.rhsa:tst:20060719002
  • comment nss_ldap is signed with Red Hat master key
    oval oval:com.redhat.rhsa:tst:20060719003
rhsa
id RHSA-2006:0719
released 2006-11-15
severity Moderate
title RHSA-2006:0719: nss_ldap security update (Moderate)
rpms nss_ldap-0:226-17
refmap via4
bid 20880
bugtraq 20061005 rPSA-2006-0183-1 nss_ldap
confirm
debian DSA-1203
gentoo GLSA-200612-19
mandriva MDKSA-2006:201
sectrack 1017153
secunia
  • 22682
  • 22685
  • 22694
  • 22696
  • 22869
  • 23132
  • 23428
suse SUSE-SR:2006:027
trustix 2006-0061
vupen ADV-2006-4319
Last major update 07-03-2011 - 21:42
Published 10-10-2006 - 00:06
Last modified 17-10-2018 - 17:41
Back to Top