SuSE 10 Security Update : pam_ldap (ZYPP Patch Number 2196)
High Nessus Plugin ID 29546
SynopsisThe remote SuSE 10 host is missing a security-related patch.
Descriptionpam_ldap in nss_ldap does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. (CVE-2006-5170)
SolutionApply ZYPP patch number 2196.