Luke Howard

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** A flaw in Samba occurs when the KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. This issue is related to the authentication procedure and how the KDC kpasswd service handles password change requests. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other services, potentially allowing a remote attacker to elevate privileges in the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unknown vulnerability in pam ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.