GLSA: nss_ldap

From: Daniel Ahlberg (alizat_private)
Date: Sun Oct 13 2002 - 05:43:50 PDT

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - - --------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT
    - - --------------------------------------------------------------------
    
    PACKAGE        :nss_ldap
    SUMMARY        :Buffer overflow
    DATE           :2002-10-13 12:45 UTC
    
    - - --------------------------------------------------------------------
    
    Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 
    allows remote attackers to cause a denial of service and possibly 
    execute arbitrary code.
    
    DETAIL
    
    When versions of nss_ldap prior to nss_ldap-198 are configured 
    without a value for the "host" setting, nss_ldap will attempt to 
    configure itself by using SRV records stored in DNS.  When parsing the 
    results of the DNS query, nss_ldap does not check that the data 
    returned by the server will fit into an internal buffer, leaving it 
    vulnerable to a buffer overflow. The Common Vulnerabilities and 
    Exposures project (cve.mitre.org) has assigned the name CAN-2002-0825 
    to this issue.
    
    When versions of nss_ldap prior to nss_ldap-199 are configured 
    without a value for the "host" setting, nss_ldap will attempt to 
    configure itself by using SRV records stored in DNS.  When parsing 
    the results of the DNS query, nss_ldap does not check that the data 
    returned has not been truncated by the resolver libraries to avoid a 
    buffer overflow, and may attempt to parse more data than is actually 
    available, leaving it vulnerable to a read buffer overflow.
    
    SOLUTION
    
    It is recommended that all Gentoo Linux users who are running
    net-libs/nss_ldap-174-r2 and earlier update their systems
    as follows:
    
    emerge rsync
    emerge nss_ldap
    emerge clean
    
    - - --------------------------------------------------------------------
    alizat_private - GnuPG key is available at www.gentoo.org/~aliz
    - - --------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)
    
    iD8DBQE9qWqGfT7nyhUpoZMRAl5/AJ9OguSgjT472Jc3wPhXSBZA8k8YcwCeMNDj
    ZEvGURfhv4eJwk0ZYFUiCWo=
    =7SpP
    -----END PGP SIGNATURE-----
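
The two checks the DETAIL section describes as missing (answer data must fit the destination buffer, and parsing must stop at the bytes actually held when the resolver truncated the reply), shown as an added example that is not nss_ldap's code or its actual fix. The names `expand_name` and `srv_first` are hypothetical, and the parser only assumes the standard DNS message layout.

```c
#include <stdint.h>
#include <string.h>
#define RD16(p) ((unsigned)((p)[0] << 8 | (p)[1]))

/* Added example, hypothetical names, not nss_ldap source. Expands the DNS name at
 * off into out (dotted, NUL-terminated); returns the offset just past the name,
 * or -1 if it runs past len, loops through pointers, or will not fit in out. */
static long expand_name(const uint8_t *m, size_t len, size_t off,
                        char *out, size_t outlen) {
    size_t o = 0; long end = -1; int hops = 0;
    for (uint8_t c; off < len && (c = m[off]) != 0; ) {
        if ((c & 0xC0) == 0xC0) {                 /* compression pointer */
            if (off + 2 > len || ++hops > 16) return -1;
            if (end < 0) end = (long)off + 2;     /* name ends after first pointer */
            off = ((size_t)(c & 0x3F) << 8) | m[off + 1];
            continue;
        }
        /* reserved label type, label past the message, or output too small */
        if (c > 63 || off + 1 + c > len || o + c + 2 > outlen) return -1;
        if (o) out[o++] = '.';
        memcpy(out + o, m + off + 1, c);
        o += c; off += 1 + c;
    }
    if (off >= len || o >= outlen) return -1;     /* no terminator, or no room for NUL */
    out[o] = '\0';
    return end < 0 ? (long)off + 1 : end;
}

/* Port and target of the first SRV answer, or -1 on malformed input. reslen is
 * the resolver's reported length, which can exceed buflen after truncation. */
int srv_first(const uint8_t *msg, size_t buflen, long reslen,
              char *host, size_t hostlen) {
    char scratch[256];
    size_t len = reslen < 0 ? 0 : (size_t)reslen < buflen ? (size_t)reslen : buflen;
    if (len < 12) return -1;                      /* shorter than a DNS header */
    long qd = RD16(msg + 4), an = RD16(msg + 6);
    for (long off = 12, i = 0; i < qd + an; i++) {
        size_t fixed = i < qd ? 4 : 10;           /* question vs. resource record */
        off = expand_name(msg, len, (size_t)off, scratch, sizeof scratch);
        if (off < 0 || (size_t)off + fixed > len) return -1;
        unsigned type = RD16(msg + off), rdlen = i < qd ? 0 : RD16(msg + off + 8);
        off += (long)fixed;
        if ((size_t)off + rdlen > len) return -1; /* RDLENGTH claims more than we hold */
        if (i >= qd && type == 33 && rdlen >= 7) { /* SRV: prio, weight, port, target */
            if (expand_name(msg, len, (size_t)off + 6, host, hostlen) < 0) return -1;
            return (int)RD16(msg + off + 4);
        }
        off += rdlen;
    }
    return -1;
}
```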
    


