Mandrake Linux Security Advisory : pam_ldap (MDKSA-2003:088)
Critical Nessus Plugin ID 14070
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA bug was fixed in pam_ldap 162 with the pam_filter mechanism which is commonly used for host-based access restriction in environments using LDAP for authentication. Mandrake Linux 9.1 provided pam_ldap 161 which had this problem and as a result, systems relying on pam_filter for host-based access restriction would allow any user, regardless of the host attribute associated with their account, to log into the system. All users who use LDAP-based authentication are encouraged to upgrade immediately.
SolutionUpdate the affected nss_ldap and / or pam_ldap packages.