rPSA-2006-0183-1 nss_ldap
From: rPath Update Announcements (announce-noreply@rpath.com)
Date: Thu Oct 05 2006 - 16:46:26 CDT
rPath Security Advisory: 2006-0183-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Deterministic Unauthorized Access
Updated Versions:
nss_ldap=/conary.rpath.com@rpl:devel//1/239-9.1-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170
https://issues.rpath.com/browse/RPL-680
Description:
Previous versions of the nss_ldap package do not properly handle
accounts locked using the PasswordPolicyResponse control response,
allowing potential unauthorized access from locked accounts when
systems are configured to use LDAP authentication. rPath Linux
is not configured to use LDAP authentication by default.
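
The check the description turns on, as an added example that is not code from nss_ldap or rPath: after a bind succeeds, the client still has to read the error field of the PasswordPolicyResponse control and refuse a locked account. The function names and sample bytes are hypothetical, the BER tags (0x30 sequence, 0xa0 warning, 0x81 error, accountLocked = 1) are assumed from the LDAP password policy draft's encoding, and allowing a bind that carries no control is a policy assumption.

```c
#include <stddef.h>
#include <stdint.h>

enum { PP_NO_ERROR = -1, PP_ACCOUNT_LOCKED = 1 };  /* values of error [1] ENUMERATED */
enum auth_decision { AUTH_ALLOW, AUTH_DENY };

/* Constructed sample control values (not captured from a real server). */
static const uint8_t SAMPLE_LOCKED[]    = { 0x30, 0x03, 0x81, 0x01, 0x01 };
static const uint8_t SAMPLE_GRACE[]     = { 0x30, 0x05, 0xa0, 0x03, 0x81, 0x01, 0x02 };
static const uint8_t SAMPLE_TRUNCATED[] = { 0x30, 0x03, 0x81, 0x01 };

/* Read one BER header with a short-form length; -1 if it overruns the buffer. */
static int ber_header(const uint8_t **p, const uint8_t *end, uint8_t *tag, size_t *len)
{
    if (end - *p < 2 || ((*p)[1] & 0x80))
        return -1;
    *tag = (*p)[0];
    *len = (*p)[1];
    *p += 2;
    return (size_t)(end - *p) < *len ? -1 : 0;
}

/* Extract the error field of a PasswordPolicyResponseValue; -1 if malformed. */
int ppolicy_error(const uint8_t *val, size_t n, int *err)
{
    const uint8_t *p = val, *end = val + n;
    uint8_t tag;
    size_t len;
    *err = PP_NO_ERROR;
    if (ber_header(&p, end, &tag, &len) != 0 || tag != 0x30)
        return -1;
    for (end = p + len; p < end; p += len) {
        if (ber_header(&p, end, &tag, &len) != 0 || (tag == 0x81 && len != 1))
            return -1;
        if (tag == 0x81)              /* top-level [1] is error; warning [0] is skipped whole */
            *err = p[0];
    }
    return 0;
}

/* Decision to apply after the bind itself has succeeded. */
enum auth_decision ppolicy_decide(const uint8_t *val, size_t n)
{
    int err;
    if (val == NULL)
        return AUTH_ALLOW;            /* assumption: server attached no policy control */
    if (ppolicy_error(val, n, &err) != 0)
        return AUTH_DENY;             /* unparseable control: fail closed */
    return err == PP_ACCOUNT_LOCKED ? AUTH_DENY : AUTH_ALLOW;
}
```

SAMPLE_GRACE carries a 0x81 tag nested inside the warning element (graceAuthNsRemaining); skipping the warning as a unit keeps it from being misread as the error field.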