Debian Libpam-Ldap vulnerabilities

4 known vulnerabilities affecting debian/libpam-ldap.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2006-5170 | MEDIUM | CVSS 7.5 | fixed in libpam-ldap 180-1.2 (bullseye) | 2006
CVE-2006-5170 [HIGH]: libpam-ldap - pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xs
debian
CVE-2005-2641 | HIGH | CVSS 7.5 | fixed in libpam-ldap 178-1sarge1 (bullseye) | 2005
CVE-2005-2641 [HIGH]: libpam-ldap - Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate. Scope: local. bullseye: resolved (fixed in 178-1sarge1).
debian
CVE-2005-2069 | MEDIUM | CVSS 5.0 | fixed in libnss-ldap 238-1.1 (bullseye) | 2005
CVE-2005-2069 [MEDIUM]: libnss-ldap - pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. Scope: local. bullseye: resolved (fixed in 238-1.1).
debian
CVE-2003-0734 | CRITICAL | CVSS 10.0 | fixed in libnss-ldap 207-1 (bullseye) | 2003
CVE-2003-0734 [CRITICAL]: libnss-ldap - Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system. Scope: local. bullseye: resolved (fixed in 207-1).
debian