Mandrake Linux Security Advisory : pam_ldap (MDKSA-2006:201)
High Nessus Plugin ID 24586
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
Pam_ldap does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
This might allow an attacker to log in to a suspended system account.
Updated packages have been patched to correct this issue.
Solution
Update the affected pam_ldap package.