Test ID:	1.3.6.1.4.1.25623.1.0.55724
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2005:190 (nss_ldap)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to nss_ldap announced via advisory MDKSA-2005:190. A bug was found in the way the pam_ldap module processed certain failure messages. If the server includes supplemental data in an authentication failure result message, but the data does not include any specific error code, the pam_ldap module would proceed as if the authentication request had succeeded, and authentication would succeed. This affects versions 169 through 179 of pam_ldap. The updated packages have been patched to address this issue. Affected versions: 10.1, 10.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:190 Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 14649 Common Vulnerability Exposure (CVE) ID: CVE-2005-2641 http://www.securityfocus.com/bid/14649 Bugtraq: 20061005 rPSA-2006-0183-1 nss_ldap (Google Search) http://www.securityfocus.com/archive/1/447859/100/200/threaded CERT/CC vulnerability note: VU#778916 http://www.kb.cert.org/vuls/id/778916 http://www.mandriva.com/security/advisories?name=MDKSA-2005:190 https://www.redhat.com/archives/fedora-test-list/2005-August/msg00170.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10370 http://www.redhat.com/support/errata/RHSA-2005-767.html http://secunia.com/advisories/17233 http://secunia.com/advisories/17270
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.