CVE-2006-5170 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-5170 Interim 1 32 2023-12-09T02:17:05Z current 2021-05-30T12:36:53Z 2023-12-09T02:17:05Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-5170 pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YS424RKS7J2Z3K7U7M7VI3D2OZRAX5GA/#YS424RKS7J2Z3K7U7M7VI3D2OZRAX5GA E-Mail link for SUSE-SR:2006:027 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for Legacy 15 SP2 SUSE Linux Enterprise Module for Legacy 15 SP2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Module for Legacy 15 SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server Business Critical Linux 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Module for Legacy 15 SP2 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Module for Legacy 15 SP2 SUSE Manager Retail Branch Server 4.0 SUSE Linux Enterprise Module for Legacy 15 SP2 SUSE Manager Server 4.0 SUSE Linux Enterprise Module for Legacy 15 SP2 pam_ldap pam_ldap-184-147.20 pam_ldap-32bit pam_ldap-32bit-184-147.20 pam_ldap-x86-184-147.20 pam_ldap-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP1 pam_ldap-32bit-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP1 pam_ldap-x86-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP1 pam_ldap-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP2 pam_ldap-32bit-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP2 pam_ldap-x86-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP2 pam_ldap-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP3 pam_ldap-32bit-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP3 pam_ldap-x86-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP3 pam_ldap-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP4 pam_ldap-32bit-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP4 pam_ldap-x86-184-147.20 as a component of SUSE Linux Enterprise Server 11 SP4 pam_ldap as a component of SUSE CaaS Platform 4.0 pam_ldap-32bit as a component of SUSE CaaS Platform 4.0 pam_ldap as a component of SUSE Enterprise Storage 6 pam_ldap as a component of SUSE Linux Enterprise Module for Legacy 15 SP2 pam_ldap-32bit as a component of SUSE Linux Enterprise Module for Legacy 15 SP2 pam_ldap as a component of SUSE Linux Enterprise Server 15 SP1-LTSS pam_ldap-32bit as a component of SUSE Linux Enterprise Server 15 SP1-LTSS pam_ldap as a component of SUSE Linux Enterprise Server 15-LTSS pam_ldap-32bit as a component of SUSE Linux Enterprise Server 15-LTSS pam_ldap as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP1 pam_ldap as a component of SUSE Linux Enterprise Server for SAP Applications 15 pam_ldap-32bit as a component of SUSE Linux Enterprise Server for SAP Applications 15 pam_ldap as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 pam_ldap-32bit as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 pam_ldap as a component of SUSE Manager Proxy 4.0 pam_ldap as a component of SUSE Manager Retail Branch Server 4.0 pam_ldap as a component of SUSE Manager Server 4.0 pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. CVE-2006-5170 SUSE Linux Enterprise Server 11 SP1:pam_ldap-184-147.20 SUSE Linux Enterprise Server 11 SP1:pam_ldap-32bit-184-147.20 SUSE Linux Enterprise Server 11 SP1:pam_ldap-x86-184-147.20 SUSE Linux Enterprise Server 11 SP2:pam_ldap-184-147.20 SUSE Linux Enterprise Server 11 SP2:pam_ldap-32bit-184-147.20 SUSE Linux Enterprise Server 11 SP2:pam_ldap-x86-184-147.20 SUSE Linux Enterprise Server 11 SP3:pam_ldap-184-147.20 SUSE Linux Enterprise Server 11 SP3:pam_ldap-32bit-184-147.20 SUSE Linux Enterprise Server 11 SP3:pam_ldap-x86-184-147.20 SUSE Linux Enterprise Server 11 SP4:pam_ldap-184-147.20 SUSE Linux Enterprise Server 11 SP4:pam_ldap-32bit-184-147.20 SUSE Linux Enterprise Server 11 SP4:pam_ldap-x86-184-147.20 SUSE CaaS Platform 4.0:pam_ldap SUSE CaaS Platform 4.0:pam_ldap-32bit SUSE Enterprise Storage 6:pam_ldap SUSE Linux Enterprise Module for Legacy 15 SP2:pam_ldap SUSE Linux Enterprise Module for Legacy 15 SP2:pam_ldap-32bit SUSE Linux Enterprise Server 15 SP1-LTSS:pam_ldap SUSE Linux Enterprise Server 15 SP1-LTSS:pam_ldap-32bit SUSE Linux Enterprise Server 15-LTSS:pam_ldap SUSE Linux Enterprise Server 15-LTSS:pam_ldap-32bit SUSE Linux Enterprise Server Business Critical Linux 15 SP1:pam_ldap SUSE Linux Enterprise Server for SAP Applications 15 SP1:pam_ldap SUSE Linux Enterprise Server for SAP Applications 15 SP1:pam_ldap-32bit SUSE Linux Enterprise Server for SAP Applications 15:pam_ldap SUSE Linux Enterprise Server for SAP Applications 15:pam_ldap-32bit SUSE Manager Proxy 4.0:pam_ldap SUSE Manager Retail Branch Server 4.0:pam_ldap SUSE Manager Server 4.0:pam_ldap important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P