pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and previous versions, and possibly other distributions, does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
Vulnerable Product |
---|
redhat enterprise linux 4.0 |
fedoraproject fedora core |
redhat enterprise linux desktop 4.0 |
redhat enterprise linux for ibm z systems 4.0_s390 |
redhat enterprise linux for ibm z systems 4.0_s390x |
redhat enterprise linux for power big endian 4.0 |
redhat enterprise linux server 4.0 |
redhat enterprise linux workstation 4.0 |
debian debian linux 3.1 |