Mandrake Linux Security Advisory : nss_ldap (MDKSA-2002:075)

high Nessus Plugin ID 13974

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A buffer overflow vulnerability exists in nss_ldap versions prior to 198. When nss_ldap is configured without a value for the 'host' keyword, it attempts to configure itself using SRV records stored in DNS. nss_ldap does not check that the data returned by the DNS query will fit into an internal buffer, thus exposing it to an overflow.

A similar issue exists in versions of nss_ldap prior to 199 where nss_ldap does not check that the data returned by the DNS query has not been truncated by the resolver libraries to avoid a buffer overflow. This can make nss_ldap attempt to parse more data than what is actually available, making it vulnerable to a read buffer overflow.

Finally, a format string bug exists in the logging function of pam_ldap prior to version 144.

All users are recommended to upgrade to these updated packages. Note that the nss_ldap packages for 7.2, 8.0, and Single Network Firewall 7.2 contain the pam_ldap modules.
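
Both DNS-handling flaws described above come down to trusting a length. The following is an added example, not nss_ldap's code and not part of the advisory: it rejects an answer whose reported length exceeds the buffer and bounds-checks every field while reading the first SRV record. The names first_srv_port, skip_name and SAMPLE, and the use of reported_len to model the resolver's return value, are assumptions of this example; the message bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#define DNS_HDR_LEN 12

/* Skip one encoded DNS name; return the position after it, or NULL. */
static const uint8_t *skip_name(const uint8_t *p, const uint8_t *end) {
    while (p < end) {
        uint8_t n = *p++;
        if (n == 0) return p;                      /* root label ends the name */
        if ((n & 0xC0) == 0xC0) return (p < end) ? p + 1 : NULL; /* pointer */
        if (n & 0xC0) return NULL;                 /* reserved label type */
        if ((size_t)(end - p) < n) return NULL;    /* label runs past the data */
        p += n;
    }
    return NULL;
}

/* Port of the first SRV answer, or -1 if the message is truncated or malformed.
 * reported_len models the resolver's return value; cap is the size of buf. */
int first_srv_port(const uint8_t *buf, size_t cap, int reported_len) {
    if (reported_len < DNS_HDR_LEN || (size_t)reported_len > cap)
        return -1;                                 /* error, short, or truncated */
    const uint8_t *end = buf + reported_len, *p = buf + DNS_HDR_LEN;
    unsigned qd = (buf[4] << 8) | buf[5], an = (buf[6] << 8) | buf[7];
    if (an == 0) return -1;
    while (qd--) {                                 /* skip the question section */
        p = skip_name(p, end);
        if (!p || end - p < 4) return -1;
        p += 4;                                    /* QTYPE + QCLASS */
    }
    p = skip_name(p, end);                         /* owner name of first answer */
    if (!p || end - p < 10) return -1;             /* TYPE CLASS TTL RDLENGTH */
    unsigned type = (p[0] << 8) | p[1], rdlen = (p[8] << 8) | p[9];
    p += 10;
    if (type != 33 || rdlen < 7 || (size_t)(end - p) < rdlen) return -1;
    return (p[4] << 8) | p[5];                     /* priority, weight, port */
}

/* Constructed sample: SRV answer for _ldap._tcp.example.com, port 389. */
static const uint8_t SAMPLE[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,      /* header: 1 question, 1 answer */
    5,'_','l','d','a','p', 4,'_','t','c','p', 7,'e','x','a','m','p','l','e',
    3,'c','o','m', 0, 0,33, 0,1,                   /* QNAME, QTYPE=SRV, QCLASS=IN */
    0xC0,0x0C, 0,33, 0,1, 0,0,0x0E,0x10, 0,13,     /* answer RR header */
    0,0, 0,100, 0x01,0x85, 4,'l','d','a','p', 0xC0,0x17 }; /* SRV rdata */
int main(void) {
    printf("%d\n", first_srv_port(SAMPLE, sizeof SAMPLE, (int)sizeof SAMPLE));
    return 0;
}
```

The first check covers the truncation case, where the reported length is larger than the buffer that was filled; the per-field checks cover a message that ends before its own RDLENGTH says it should.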

Solution

Update the affected nss_ldap and / or pam_ldap packages.

See Also

http://www.padl.com/Articles/PotentialBufferOverflowin.html

Plugin Details

Severity: High

ID: 13974

File Name: mandrake_MDKSA-2002-075.nasl

Version: 1.19

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:nss_ldap, p-cpe:/a:mandriva:linux:pam_ldap, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 11/7/2002

Reference Information

CVE: CVE-2002-0374, CVE-2002-0825, CVE-2002-1091, CVE-2002-1126

CERT: 738331

MDKSA: 2002:075