Mandrake Linux Security Advisory : nss_ldap (MDKSA-2002:075)
High Nessus Plugin ID 13974
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA buffer overflow vulnerability exists in nss_ldap versions prior to 198. When nss_ldap is configured without a value for the 'host' keyword, it attempts to configure itself using SRV records stored in DNS. nss_ldap does not check that the data returned by the DNS query will fit into an internal buffer, thus exposing it to an overflow.
A similar issue exists in versions of nss_ldap prior to 199 where nss_ldap does not check that the data returned by the DNS query has not been truncated by the resolver libraries to avoid a buffer overflow. This can make nss_ldap attempt to parse more data than what is actually available, making it vulnerable to a read buffer overflow.
Finally, a format string bug in the logging function of pam_ldap prior to version 144 exist.
All users are recommended to upgrade to these updated packages. Note that the nss_ldap packages for 7.2, 8.0, and Single Network Firewall 7.2 contain the pam_ldap modules.
SolutionUpdate the affected nss_ldap and / or pam_ldap packages.