Red Hat Bugzilla – Bug 215745
nss_ldap authentication bypass - CVE-2006-5170
Last modified: 2007-07-16 06:52:45 EDT
A flaw was found in the way nss_ldap handled a PasswordPolicyResponse
control sent by an LDAP server. If an LDAP server responded to an
authentication request with a PasswordPolicyResponse control, it was
possible for an application using nss_ldap to improperly authenticate
certain users. (CVE-2006-5170)
This flaw was only exploitable within applications which did not properly
process nss_ldap error messages. Only xscreensaver is currently known to
exhibit this behavior.
Looks like this affects both FC3 and FC4.
RH announcement: https://rhn.redhat.com/errata/RHSA-2006-0719.html
We probably want to fix bug #166164 while we're at it.
Looks like there's another issue which affects both FC3 and FC4: CVE-2005-2069
A bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP
servers. If a client connection is referred to a different server, it is
possible that the referred connection will not be encrypted even if the
client has "ssl start_tls" in its ldap.conf file. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2005-2069
to this issue.
I'm not sure why neither this nor CAN-2005-2641 (bug #166164) were fixed in FC4,
but they were fixed in RHEL, so I think we should patch them here as well.