 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.57571 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2006:0719 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory RHSA-2006:0719. nss_ldap is a set of C library extensions that allow X.500 and LDAP directory servers to be used as primary sources for aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services, and shadow passwords. A flaw was found in the way nss_ldap handled a PasswordPolicyResponse control sent by an LDAP server. If an LDAP server responded to an authentication request with a PasswordPolicyResponse control, it was possible for an application using nss_ldap to improperly authenticate certain users. (CVE-2006-5170) This flaw was only exploitable within applications which did not properly process nss_ldap error messages. Only xscreensaver is currently known to exhibit this behavior. All users of nss_ldap should upgrade to these updated packages, which contain a backported patch that resolves this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0719.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-5170 1017153 http://securitytracker.com/id?1017153 2006-0061 http://www.trustix.org/errata/2006/0061/ 20061005 rPSA-2006-0183-1 nss_ldap http://www.securityfocus.com/archive/1/447859/100/200/threaded 20880 http://www.securityfocus.com/bid/20880 22682 http://secunia.com/advisories/22682 22685 http://secunia.com/advisories/22685 22694 http://secunia.com/advisories/22694 22696 http://secunia.com/advisories/22696 22869 http://secunia.com/advisories/22869 23132 http://secunia.com/advisories/23132 23428 http://secunia.com/advisories/23428 ADV-2006-4319 http://www.vupen.com/english/advisories/2006/4319 DSA-1203 http://www.debian.org/security/2006/dsa-1203 GLSA-200612-19 http://security.gentoo.org/glsa/glsa-200612-19.xml MDKSA-2006:201 http://www.mandriva.com/security/advisories?name=MDKSA-2006:201 RHSA-2006:0719 http://rhn.redhat.com/errata/RHSA-2006-0719.html SUSE-SR:2006:027 http://www.novell.com/linux/security/advisories/2006_27_sr.html http://bugzilla.padl.com/show_bug.cgi?id=291 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286 https://issues.rpath.com/browse/RPL-680 oval:org.mitre.oval:def:10418 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10418 |
| Copyright | Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |