nss-pam-ldapd 'FD_SET()' Function Stack Buffer Overflow Vulnerability
BID:58007
Info
nss-pam-ldapd 'FD_SET()' Function Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 58007 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2013-0288 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 18 2013 12:00AM |
| Updated: | May 07 2015 05:08PM |
| Credit: | Garth Mollett |
| Vulnerable: |
Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux HPC Node 6 Redhat Enterprise Linux Desktop 6 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Mandriva Business Server 1 X86 64 Mandriva Business Server 1 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 CentOS CentOS 6 Arthurdejong nss-pam-ldapd 0.8.1 Arthurdejong nss-pam-ldapd 0.8 Arthurdejong nss-pam-ldapd 0.7.13 |
| Not Vulnerable: |
Arthurdejong nss-pam-ldapd 0.8.11 Arthurdejong nss-pam-ldapd 0.7.18 |
Discussion
nss-pam-ldapd 'FD_SET()' Function Stack Buffer Overflow Vulnerability
nss-pam-ldapd is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
nss-pam-ldapd versions prior 0.7.18 and 0.8.11 are vulnerable.
nss-pam-ldapd is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
nss-pam-ldapd versions prior 0.7.18 and 0.8.11 are vulnerable.
Solution / Fix
nss-pam-ldapd 'FD_SET()' Function Stack Buffer Overflow Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Mandriva Business Server 1 X86 64
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Mandriva Business Server 1 X86 64
-
Mandriva nss-pam-ldapd-0.8.6-4.1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/
References
nss-pam-ldapd 'FD_SET()' Function Stack Buffer Overflow Vulnerability
References:
References:
- Bug 909119 - (CVE-2013-0288) CVE-2013-0288 nss-pam-ldapd: FD_SET array index err (Red Hat Bugzilla)
- nss-pam-ldapd Homepage (Arthur de Jong)
- 2013-02-18: security advisory: CVE-2013-0288: file descriptor buffer overflow (Arthur de Jong)