Red Hat Local Security Checks : RedHat Security Advisory RHSA-2006:0719

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57571

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2006:0719

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2006:0719.

nss_ldap is a set of C library extensions that allow X.500 and LDAP
directory servers to be used as primary sources for aliases, ethers,
groups, hosts, networks, protocols, users, RPCs, services, and shadow
passwords.

A flaw was found in the way nss_ldap handled a PasswordPolicyResponse
control sent by an LDAP server. If an LDAP server responded to an
authentication request with a PasswordPolicyResponse control, it was
possible for an application using nss_ldap to improperly authenticate
certain users. (CVE-2006-5170)

This flaw was only exploitable within applications which did not properly
process nss_ldap error messages. Only xscreensaver is currently known to
exhibit this behavior.

All users of nss_ldap should upgrade to these updated packages, which
contain a backported patch that resolves this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0719.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-5170
1017153
http://securitytracker.com/id?1017153
2006-0061
http://www.trustix.org/errata/2006/0061/
20061005 rPSA-2006-0183-1 nss_ldap
http://www.securityfocus.com/archive/1/447859/100/200/threaded
20880
http://www.securityfocus.com/bid/20880
22682
http://secunia.com/advisories/22682
22685
http://secunia.com/advisories/22685
22694
http://secunia.com/advisories/22694
22696
http://secunia.com/advisories/22696
22869
http://secunia.com/advisories/22869
23132
http://secunia.com/advisories/23132
23428
http://secunia.com/advisories/23428
ADV-2006-4319
http://www.vupen.com/english/advisories/2006/4319
DSA-1203
http://www.debian.org/security/2006/dsa-1203
GLSA-200612-19
http://security.gentoo.org/glsa/glsa-200612-19.xml
MDKSA-2006:201
http://www.mandriva.com/security/advisories?name=MDKSA-2006:201
RHSA-2006:0719
http://rhn.redhat.com/errata/RHSA-2006-0719.html
SUSE-SR:2006:027
http://www.novell.com/linux/security/advisories/2006_27_sr.html
http://bugzilla.padl.com/show_bug.cgi?id=291
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286
https://issues.rpath.com/browse/RPL-680
oval:org.mitre.oval:def:10418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10418

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57571
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0719
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0719. nss_ldap is a set of C library extensions that allow X.500 and LDAP directory servers to be used as primary sources for aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services, and shadow passwords. A flaw was found in the way nss_ldap handled a PasswordPolicyResponse control sent by an LDAP server. If an LDAP server responded to an authentication request with a PasswordPolicyResponse control, it was possible for an application using nss_ldap to improperly authenticate certain users. (CVE-2006-5170) This flaw was only exploitable within applications which did not properly process nss_ldap error messages. Only xscreensaver is currently known to exhibit this behavior. All users of nss_ldap should upgrade to these updated packages, which contain a backported patch that resolves this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0719.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5170 1017153 http://securitytracker.com/id?1017153 2006-0061 http://www.trustix.org/errata/2006/0061/ 20061005 rPSA-2006-0183-1 nss_ldap http://www.securityfocus.com/archive/1/447859/100/200/threaded 20880 http://www.securityfocus.com/bid/20880 22682 http://secunia.com/advisories/22682 22685 http://secunia.com/advisories/22685 22694 http://secunia.com/advisories/22694 22696 http://secunia.com/advisories/22696 22869 http://secunia.com/advisories/22869 23132 http://secunia.com/advisories/23132 23428 http://secunia.com/advisories/23428 ADV-2006-4319 http://www.vupen.com/english/advisories/2006/4319 DSA-1203 http://www.debian.org/security/2006/dsa-1203 GLSA-200612-19 http://security.gentoo.org/glsa/glsa-200612-19.xml MDKSA-2006:201 http://www.mandriva.com/security/advisories?name=MDKSA-2006:201 RHSA-2006:0719 http://rhn.redhat.com/errata/RHSA-2006-0719.html SUSE-SR:2006:027 http://www.novell.com/linux/security/advisories/2006_27_sr.html http://bugzilla.padl.com/show_bug.cgi?id=291 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286 https://issues.rpath.com/browse/RPL-680 oval:org.mitre.oval:def:10418 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10418
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com