Bug 215745 - nss_ldap authentication bypass - CVE-2006-5170
nss_ldap authentication bypass - CVE-2006-5170
Product: Fedora Legacy
Classification: Retired
Component: nss_db (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
impact=moderate, LEGACY, 3, 4, NEEDSWORK
Depends On:
  Show dependency treegraph
Reported: 2006-11-15 10:55 EST by Jeff Sheltren
Modified: 2007-07-16 06:52 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-07-16 06:52:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jeff Sheltren 2006-11-15 10:55:35 EST
A flaw was found in the way nss_ldap handled a PasswordPolicyResponse
control sent by an LDAP server. If an LDAP server responded to an
authentication request with a PasswordPolicyResponse control, it was
possible for an application using nss_ldap to improperly authenticate
certain users. (CVE-2006-5170)

This flaw was only exploitable within applications which did not properly
process nss_ldap error messages. Only xscreensaver is currently known to
exhibit this behavior.

Looks like this effects both FC3 and FC4.

RH announcement: https://rhn.redhat.com/errata/RHSA-2006-0719.html

We probably want to fix bug #166164 while we're at it.
Comment 1 Jeff Sheltren 2006-11-16 06:10:42 EST
Looks like there's another issue which effects both FC3 and FC4: CVE-2005-2069

A bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP
servers. If a client connection is referred to a different server, it is
possible that the referred connection will not be encrypted even if the
client has "ssl start_tls" in its ldap.conf file. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2005-2069
to this issue.

I'm not sure why neither this nor CAN-2005-2641 (bug #166164) were fixed in FC4,
but they were fixed in RHEL, so I think we should patch them here as well.

Note You need to log in before you can comment on or make changes to this bug.