A flaw was found in the way nss_ldap handled a PasswordPolicyResponse control sent by an LDAP server. If an LDAP server responded to an authentication request with a PasswordPolicyResponse control, it was possible for an application using nss_ldap to improperly authenticate certain users. (CVE-2006-5170) This flaw was only exploitable within applications which did not properly process nss_ldap error messages. Only xscreensaver is currently known to exhibit this behavior. Looks like this affects both FC3 and FC4. RH announcement: https://rhn.redhat.com/errata/RHSA-2006-0719.html We probably want to fix bug #166164 while we're at it.
Looks like there's another issue which affects both FC3 and FC4: CVE-2005-2069 A bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP servers. If a client connection is referred to a different server, it is possible that the referred connection will not be encrypted even if the client has "ssl start_tls" in its ldap.conf file. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2069 to this issue. I'm not sure why neither this nor CAN-2005-2641 (bug #166164) were fixed in FC4, but they were fixed in RHEL, so I think we should patch them here as well.