CVE-2006-5170
Severity
7.5HIGH
EPSS
4.4%
top 11.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedOct 10
Latest updateMay 1
Description
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages5 packages
Also affects: Enterprise Linux 4.0, 4.0_s390, Debian Linux 3.1
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-3mcc-2cg8-vvjx: pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition whe↗2022-05-01
OSV▶
CVE-2006-5170: pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition whe↗2006-10-10
CVEList▶
CVE-2006-5170: pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition whe↗2006-10-04