FreeBSD : nss-pam-ldapd -- file descriptor buffer overflow (58c15292-7b61-11e2-95da-001e8c1a8a0e)

medium Nessus Plugin ID 64743

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Garth Mollett reports:

A file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?aeea2f16

Plugin Details

Severity: Medium

ID: 64743

File Name: freebsd_pkg_58c152927b6111e295da001e8c1a8a0e.nasl

Version: 1.6

Type: local

Published: 2/21/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:nss-pam-ldapd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/20/2013

Vulnerability Publication Date: 2/18/2013

Reference Information

CVE: CVE-2013-0288