Unrated severityNVD Advisory· Published Oct 10, 2006· Updated Apr 23, 2026

CVE-2006-5170

Description

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

Affected products

Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
Fedoraproject/Fedora Core
cpe:2.3:o:fedoraproject:fedora_core:*:*:*:*:*:*:*:*
Range: <=core_3.0
Red Hat/Enterprise Linux2 versions
cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:linux_kernel_2.6.9:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux For Ibm Z Systems2 versions
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:4.0_s390:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:4.0_s390:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:4.0_s390x:*:*:*:*:*:*:*
Red Hat/Enterprise Linux For Power Big Endian
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:4.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2006/dsa-1203nvdIssue TrackingPatchVendor Advisory
bugzilla.padl.com/show_bug.cginvdBroken LinkIssue TrackingVendor Advisory
rhn.redhat.com/errata/RHSA-2006-0719.htmlnvdVendor Advisory
secunia.com/advisories/22682nvdThird Party Advisory
secunia.com/advisories/22685nvdThird Party Advisory
secunia.com/advisories/22694nvdThird Party Advisory
secunia.com/advisories/22696nvdThird Party Advisory
secunia.com/advisories/22869nvdThird Party Advisory
secunia.com/advisories/23132nvdThird Party Advisory
secunia.com/advisories/23428nvdThird Party Advisory
security.gentoo.org/glsa/glsa-200612-19.xmlnvdVendor Advisory
securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.novell.com/linux/security/advisories/2006_27_sr.htmlnvdBroken LinkVendor Advisory
www.securityfocus.com/archive/1/447859/100/200/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/20880nvdThird Party AdvisoryVDB Entry
www.trustix.org/errata/2006/0061/nvdBroken LinkThird Party Advisory
www.vupen.com/english/advisories/2006/4319nvdThird Party Advisory
bugzilla.redhat.com/bugzilla/show_bug.cginvdIssue TrackingVendor Advisory
issues.rpath.com/browse/RPL-680nvdBroken LinkThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10418nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000