| CNNVD-ID编号 | CNNVD-200610-104 |
| CVE编号 | CVE-2006-5170 |
| 发布时间 | 2006-10-10 |
| 更新时间 | 2006-10-18 |
| 漏洞类型 | 设计错误 |
| 漏洞来源 | Steve Rigler is credited with the discovery of this vulnerability. |
| 危险等级 | 高危 |
| 威胁类型 | 远程 |
| 厂 商 | redhat |
Red Hat Enterprise Linux 4,Fedora Core 3和较早的版本,以及可能的其他发行版本,其nss_ldap中的pam_ldap在LDAP目录服务器回应PasswordPolicyResponse控制响应时,并不返回出错情况,从而即使在认证失败的情况下,导致pam_authenticate函数返回成功的代码,最初报告此漏洞针对的是xscreensaver。
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
Padl Software pam_ldap Build 178
Debian libpam-ldap_178-1sarge3_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_alpha.deb
Debian libpam-ldap_178-1sarge3_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_amd64.deb
Debian libpam-ldap_178-1sarge3_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_arm.deb
Debian libpam-ldap_178-1sarge3_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_hppa.deb
Debian libpam-ldap_178-1sarge3_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_i386.deb
Debian libpam-ldap_178-1sarge3_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_ia64.deb
Debian libpam-ldap_178-1sarge3_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_m68k.deb
Debian libpam-ldap_178-1sarge3_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_mips.deb
Debian libpam-ldap_178-1sarge3_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_mipsel.deb
Debian libpam-ldap_178-1sarge3_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_powerpc.deb
Debian libpam-ldap_178-1sarge3_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-l dap_178-1sarge3_s390.deb
Trustix Secure Linux 2.2
Trustix ldapclients-common-183-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix pam_ldap-183-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-cli-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-curl-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-devel-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-exif-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-fcgi-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-gd-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-imap-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-ldap-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-mcrypt-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-mhash-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-mysql-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-openssl-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-pdo-mysql-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-pdo-sqlite-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-pgsql-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-sqlite-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-zlib-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix Secure Linux 3.0
Trustix ldapclients-common-183-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates
Trustix mutt-1.4.2.1-10tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates
Trustix pam_ldap-183-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates
Tru
来源: bugzilla.redhat.com
链接:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286
来源: issues.rpath.com
来源: TRUSTIX
名称: 2006-0061
来源: BID
名称: 20880
来源: BUGTRAQ
名称: 20061005 rPSA-2006-0183-1 nss_ldap
链接:http://www.securityfocus.com/archive/1/archive/1/447859/100/200/threaded
来源: SUSE
名称: SUSE-SR:2006:027
链接:http://www.novell.com/linux/security/advisories/2006_27_sr.html
来源: MANDRIVA
名称: MDKSA-2006:201
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:201
来源: VUPEN
名称: ADV-2006-4319
来源: DEBIAN
名称: DSA-1203
来源: SECTRACK
名称: 1017153
来源: GENTOO
名称: GLSA-200612-19
来源: SECUNIA
名称: 23428
来源: SECUNIA
名称: 23132
来源: SECUNIA
名称: 22869
来源: SECUNIA
名称: 22696
来源: SECUNIA
名称: 22694
来源: SECUNIA
名称: 22685
来源: SECUNIA
名称: 22682
来源: REDHAT
名称: RHSA-2006:0719
来源: MANDRIVA
名称: MDKSA-2006:201
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:201