rPSA-2006-0183-1 nss_ldap

To: security-announce@xxxxxxxxxxxxxxx, update-announce@xxxxxxxxxxxxxxx
Subject: rPSA-2006-0183-1 nss_ldap
From: rPath Update Announcements <announce-noreply@xxxxxxxxx>
Date: Thu, 05 Oct 2006 17:46:26 -0400
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, lwn@xxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: nail 11.22 3/20/05

rPath Security Advisory: 2006-0183-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
    Deterministic Unauthorized Access
Updated Versions:
    nss_ldap=/conary.rpath.com@rpl:devel//1/239-9.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170
    https://issues.rpath.com/browse/RPL-680

Description:
    Previous versions of the nss_ldap package do not properly handle
    accounts locked using the PasswordPolicyResponse control response,
    allowing potential unauthorized access from locked accounts when
    systems are configured to use LDAP authentication.  rPath Linux
    is not configured to use LDAP authentication by default.

Prev by Date: ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability
Next by Date: rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server
Previous by thread: ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability
Next by thread: rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server
Index(es):
- Date
- Thread