Family: Debian Local Security Checks --> Category: infos
[DSA1203] DSA-1203-1 libpam-ldap Vulnerability Scan
Vulnerability Scan Summary DSA-1203-1 libpam-ldap
Detailed Explanation for this Vulnerability Test
Steve Rigler discovered that the PAM module for authentication against
LDAP servers processes PasswordPolicyResponse control messages incorrectly,
which might allow an attacker to log in to a suspended
system account.
For the stable distribution (sarge) this problem has been fixed in
version 178-1sarge3. Due to technical problems with the security
buildd infrastructure this update lacks a build for the Sun Sparc
architecture. It will be released as soon as the problems are resolved.
For the unstable distribution (sid) this problem has been fixed in
version 180-1.2.
We recommend that you upgrade your libpam-ldap package.
Solution : http://www.debian.org/security/2006/dsa-1203
Threat Level: High