Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2003:088: pam_ldap Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the pam_ldap package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2003:088 (pam_ldap).
A bug was fixed in pam_ldap 162 with the pam_filter mechanism which is commonly
used for host-based access restriction in environments using LDAP for
authentication. Mandrake Linux 9.1 provided pam_ldap 161 which had this problem
and as a result, systems relying on pam_filter for host-based access restriction
would allow any user, regardless of the host attribute associated with their
account, to log into the system. All users who use LDAP-based authentication are
encouraged to upgrade immediately.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:088
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.