Mandrake Linux Security Advisory : nss_ldap (MDKSA-2002:075)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A buffer overflow vulnerability exists in nss_ldap versions prior to
198. When nss_ldap is configured without a value for the 'host'
keyword, it attempts to configure itself using SRV records stored in
DNS. nss_ldap does not check that the data returned by the DNS query
will fit into an internal buffer, thus exposing it to an overflow.

A similar issue exists in versions of nss_ldap prior to 199 where
nss_ldap does not check that the data returned by the DNS query has
not been truncated by the resolver libraries to avoid a buffer
overflow. This can make nss_ldap attempt to parse more data than what
is actually available, making it vulnerable to a read buffer overflow.

Finally, a format string bug in the logging function of pam_ldap prior
to version 144 exist.

All users are recommended to upgrade to these updated packages. Note
that the nss_ldap packages for 7.2, 8.0, and Single Network Firewall
7.2 contain the pam_ldap modules.

See also :

http://www.padl.com/Articles/PotentialBufferOverflowin.html

Solution :

Update the affected nss_ldap and / or pam_ldap packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13974 (mandrake_MDKSA-2002-075.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0374
CVE-2002-0825
CVE-2002-1091
CVE-2002-1126

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now