Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:201: pam_ldap Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the pam_ldap package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:201 (pam_ldap).
Pam_ldap does not return an error condition when an LDAP directory
server responds with a PasswordPolicyResponse control response, which
causes the pam_authenticate function to return a success code even if
authentication has failed, as originally reported for xscreensaver.
This might allow an attacker to log in to a suspended
Updated packages have been patched to correct this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:201
Threat Level: High