CVE-2006-5170

Name: CVE-2006-5170
Creator: NVD / NIST
Published: 2006-10-10T04:06:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.73%

Last modified Jun 16, 2026

CVE-2006-5170 is a vulnerability of currently unknown severity. pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.. EPSS estimates a 3.73% chance of exploitation in the next 30 days.

Description

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

Metrics

EPSS Probability

3.73%

88.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-755

Affected Software

Vendor	Product	Versions
Fedoraproject	Fedora Core	<= core_3.0
Redhat	Enterprise Linux	4.0
Redhat	Enterprise Linux Desktop	4.0
Redhat	Enterprise Linux For Ibm Z Systems	4.0_s390
Redhat	Enterprise Linux For Ibm Z Systems	4.0_s390x
Redhat	Enterprise Linux For Power Big Endian	4.0
Redhat	Enterprise Linux Server	4.0
Redhat	Enterprise Linux Workstation	4.0
Debian	Debian Linux	3.1

References

http://bugzilla.padl.com/show_bug.cgi?id=291Broken Link, Issue Tracking, Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0719.htmlVendor Advisory
http://secunia.com/advisories/22682Third Party Advisory
http://secunia.com/advisories/22685Third Party Advisory
http://secunia.com/advisories/22694Third Party Advisory
http://secunia.com/advisories/22696Third Party Advisory
http://secunia.com/advisories/22869Third Party Advisory
http://secunia.com/advisories/23132Third Party Advisory
http://secunia.com/advisories/23428Third Party Advisory
http://security.gentoo.org/glsa/glsa-200612-19.xmlVendor Advisory
http://securitytracker.com/id?1017153Third Party Advisory, VDB Entry
http://www.debian.org/security/2006/dsa-1203Issue Tracking, Patch, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:201Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_27_sr.htmlBroken Link, Vendor Advisory
http://www.securityfocus.com/archive/1/447859/100/200/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/20880Third Party Advisory, VDB Entry
http://www.trustix.org/errata/2006/0061/Broken Link, Third Party Advisory
http://www.vupen.com/english/advisories/2006/4319Third Party Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286Issue Tracking, Vendor Advisory
https://issues.rpath.com/browse/RPL-680Broken Link, Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10418Third Party Advisory
http://bugzilla.padl.com/show_bug.cgi?id=291Broken Link, Issue Tracking, Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0719.htmlVendor Advisory
http://secunia.com/advisories/22682Third Party Advisory
http://secunia.com/advisories/22685Third Party Advisory
http://secunia.com/advisories/22694Third Party Advisory
http://secunia.com/advisories/22696Third Party Advisory
http://secunia.com/advisories/22869Third Party Advisory
http://secunia.com/advisories/23132Third Party Advisory
http://secunia.com/advisories/23428Third Party Advisory
http://security.gentoo.org/glsa/glsa-200612-19.xmlVendor Advisory
http://securitytracker.com/id?1017153Third Party Advisory, VDB Entry
http://www.debian.org/security/2006/dsa-1203Issue Tracking, Patch, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:201Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_27_sr.htmlBroken Link, Vendor Advisory
http://www.securityfocus.com/archive/1/447859/100/200/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/20880Third Party Advisory, VDB Entry
http://www.trustix.org/errata/2006/0061/Broken Link, Third Party Advisory
http://www.vupen.com/english/advisories/2006/4319Third Party Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286Issue Tracking, Vendor Advisory
https://issues.rpath.com/browse/RPL-680Broken Link, Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10418Third Party Advisory

Timeline

Published: Oct 10, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-5170?

How severe is CVE-2006-5170?

Severity scoring for CVE-2006-5170 is pending analysis. The EPSS model estimates a 3.73% probability of exploitation in the next 30 days.

How do I fix CVE-2006-5170?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-5170?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST