[email protected]CVE-2005-2641

HistoryAug 23, 2005 - 4:00 a.m.

CVE-2005-2641

2005-08-2304:00:00

[email protected]

web.nvd.nist.gov

pam_ldap

vulnerability

privilege escalation

cve-2005-2641

cve-2005-2497

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.3%

JSON

Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.

Affected configurations

NVD

Node

padl_softwarepam_ldapRange≤build_178

CPENameOperatorVersion
padl_software:pam_ldappadl software pam ldaplebuild_178

CPE	Name	Operator	Version
padl_software:pam_ldap	padl software pam ldap	le	build_178

References

secunia.com/advisories/17233

secunia.com/advisories/17270

www.kb.cert.org/vuls/id/778916

www.mandriva.com/security/advisories?name=MDKSA-2005:190

www.redhat.com/support/errata/RHSA-2005-767.html

www.securityfocus.com/archive/1/447859/100/200/threaded

www.securityfocus.com/bid/14649

issues.rpath.com/browse/RPL-680

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10370

www.redhat.com/archives/fedora-test-list/2005-August/msg00170.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.3%

JSON

Related for CVE-2005-2641

ubuntucve1 debiancve1 cvelist2 cve1 nvd2 nessus8 openvas6 f55 cert1 gentoo1 freebsd1 debian2 securityvulns1 centos1 osv1 redhat1