Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:201 (pam

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57633

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:201 (pam_ldap)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to pam_ldap
announced via advisory MDKSA-2006:201.

Pam_ldap does not return an error condition when an LDAP directory
server responds with a PasswordPolicyResponse control response, which
causes the pam_authenticate function to return a success code even if
authentication has failed, as originally reported for xscreensaver.
This might lead to an attacker being able to login into a suspended
system account.

Updated packages have been patched to correct this issue.

Affected: 2006.0, 2007.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:201

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-5170
1017153
http://securitytracker.com/id?1017153
2006-0061
http://www.trustix.org/errata/2006/0061/
20061005 rPSA-2006-0183-1 nss_ldap
http://www.securityfocus.com/archive/1/447859/100/200/threaded
20880
http://www.securityfocus.com/bid/20880
22682
http://secunia.com/advisories/22682
22685
http://secunia.com/advisories/22685
22694
http://secunia.com/advisories/22694
22696
http://secunia.com/advisories/22696
22869
http://secunia.com/advisories/22869
23132
http://secunia.com/advisories/23132
23428
http://secunia.com/advisories/23428
ADV-2006-4319
http://www.vupen.com/english/advisories/2006/4319
DSA-1203
http://www.debian.org/security/2006/dsa-1203
GLSA-200612-19
http://security.gentoo.org/glsa/glsa-200612-19.xml
MDKSA-2006:201
http://www.mandriva.com/security/advisories?name=MDKSA-2006:201
RHSA-2006:0719
http://rhn.redhat.com/errata/RHSA-2006-0719.html
SUSE-SR:2006:027
http://www.novell.com/linux/security/advisories/2006_27_sr.html
http://bugzilla.padl.com/show_bug.cgi?id=291
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286
https://issues.rpath.com/browse/RPL-680
oval:org.mitre.oval:def:10418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10418

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57633
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:201 (pam_ldap)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to pam_ldap announced via advisory MDKSA-2006:201. Pam_ldap does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. This might lead to an attacker being able to login into a suspended system account. Updated packages have been patched to correct this issue. Affected: 2006.0, 2007.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:201 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5170 1017153 http://securitytracker.com/id?1017153 2006-0061 http://www.trustix.org/errata/2006/0061/ 20061005 rPSA-2006-0183-1 nss_ldap http://www.securityfocus.com/archive/1/447859/100/200/threaded 20880 http://www.securityfocus.com/bid/20880 22682 http://secunia.com/advisories/22682 22685 http://secunia.com/advisories/22685 22694 http://secunia.com/advisories/22694 22696 http://secunia.com/advisories/22696 22869 http://secunia.com/advisories/22869 23132 http://secunia.com/advisories/23132 23428 http://secunia.com/advisories/23428 ADV-2006-4319 http://www.vupen.com/english/advisories/2006/4319 DSA-1203 http://www.debian.org/security/2006/dsa-1203 GLSA-200612-19 http://security.gentoo.org/glsa/glsa-200612-19.xml MDKSA-2006:201 http://www.mandriva.com/security/advisories?name=MDKSA-2006:201 RHSA-2006:0719 http://rhn.redhat.com/errata/RHSA-2006-0719.html SUSE-SR:2006:027 http://www.novell.com/linux/security/advisories/2006_27_sr.html http://bugzilla.padl.com/show_bug.cgi?id=291 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286 https://issues.rpath.com/browse/RPL-680 oval:org.mitre.oval:def:10418 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10418
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com