MiracleLinux 4 : nss-pam-ldapd-0.7.5-18.1.AXS4 (AXSA:2013-140:01)

critical Nessus Plugin ID 289633

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-140:01 advisory.

The nss-pam-ldapd daemon, nslcd, uses a directory server to look up name service information (users, groups, etc.) on behalf of a lightweight nsswitch module.
Security issues fixed with this release:
CVE-2013-0288 nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro.
Fixed bugs:
Fixed a misprint in the disconnect logic and added a missing return value.
The idle time expiration test is now performed during the LDAP search operation to prevent the connection from timing out on LDAP servers under heavy load.
When accessing a large group, the nslcd daemon read a buffer provided by the glibc library. If the buffer was too small to contain the group, glibc would increase its size until the operation was successful. This returned many redundant error messages to the /var/log/message file. It has been fixed and redundant messages are not returned.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected nss-pam-ldapd package.

See Also

https://tsn.miraclelinux.com/en/node/3768

Plugin Details

Severity: Critical

ID: 289633

File Name: miracle_linux_AXSA-2013-140.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-0288

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:nss-pam-ldapd, cpe:/o:miracle:linux:4

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/8/2013

Vulnerability Publication Date: 2/18/2013

Reference Information

CVE: CVE-2013-0288