Mandrake Linux Security Advisory : nss_ldap (MDKSA-2005:190)
High Nessus Plugin ID 20120
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA bug was found in the way the pam_ldap module processed certain failure messages. If the server includes supplemental data in an authentication failure result message, but the data does not include any specific error code, the pam_ldap module would proceed as if the authentication request had succeeded, and authentication would succeed. This affects versions 169 through 179 of pam_ldap.
The updated packages have been patched to address this issue.
SolutionUpdate the affected nss_ldap and / or pam_ldap packages.