Vulnerability Name: | CVE-2005-2641 (CCN-21982) | ||||||||||||||||
Assigned: | 2005-08-22 | ||||||||||||||||
Published: | 2005-08-22 | ||||||||||||||||
Updated: | 2018-10-19 | ||||||||||||||||
Summary: | Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. Note: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate. | ||||||||||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2005-2641 Source: CCN Type: RHSA-2005-767 openldap and nss_ldap security update Source: SECUNIA Type: UNKNOWN 17233 Source: SECUNIA Type: UNKNOWN 17270 Source: CCN Type: CIAC INFORMATION BULLETIN P-290 pam_ldap authentication bypass vulnerability Source: DEBIAN Type: DSA-785 libpam-ldap -- authentication bypass Source: CCN Type: GLSA-200508-22 pam_ldap: Authentication bypass vulnerability Source: CCN Type: US-CERT VU#778916 pam_ldap authentication bypass vulnerability Source: CERT-VN Type: US Government Resource VU#778916 Source: MANDRIVA Type: UNKNOWN MDKSA-2005:190 Source: CCN Type: PADL Software Web site pam_ldap Source: REDHAT Type: UNKNOWN RHSA-2005:767 Source: BUGTRAQ Type: UNKNOWN 20061005 rPSA-2006-0183-1 nss_ldap Source: BID Type: UNKNOWN 14649 Source: CCN Type: BID-14649 PADL Software PAM_LDAP Authentication Bypass Vulnerability Source: XF Type: UNKNOWN pamldap-authentication-bypass(21982) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-680 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10370 Source: MISC Type: UNKNOWN https://www.redhat.com/archives/fedora-test-list/2005-August/msg00170.html | ||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: ![]() | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |