MDKSA-2002:075
- Package name
- nss_ldap
- Date
- 2002-11-07
- Advisory ID
- MDKSA-2002:075
- Affected versions
- 8.1 i586, SNF7.2 i586, 8.1 i586, 8.0 i586, 9.0 i586, 8.2 i586, 8.0 i586, 8.2 i586, 7.2 i586
Problem description
A buffer overflow vulnerability exists in nss_ldap versions prior to 198. When nss_ldap is configured without a value for the "host" keyword, it attempts to configure itself using SRV records stored in DNS. nss_ldap does not check that the data returned by the DNS query will fit into an internal buffer, thus exposing it to an overflow.

A similar issue exists in versions of nss_ldap prior to 199, where nss_ldap does not check whether the data returned by the DNS query has been truncated by the resolver libraries to avoid a buffer overflow. As a result, nss_ldap can attempt to parse more data than is actually available, making it vulnerable to a read buffer overflow.

Finally, a format string bug exists in the logging function of pam_ldap prior to version 144.

All users are recommended to upgrade to these updated packages. Note that the nss_ldap packages for 7.2, 8.0, and Single Network Firewall 7.2 contain the pam_ldap modules.
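The two nss_ldap checks described above (does the data fit the destination buffer, and was the answer truncated), shown as an added example that is not code from nss_ldap or from this advisory. The helper name srv_target, its parameters and the sample bytes are assumptions made for illustration, and the input is reduced to the RDATA of one SRV record with uncompressed labels instead of a full DNS message.

```c
#include <stdio.h>
#include <string.h>

/* Constructed SRV RDATA: priority 0, weight 0, port 389, ldap.example.com */
const unsigned char sample_rdata[] = {0,0, 0,0, 0x01,0x85,
    4,'l','d','a','p', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0};

/* Hypothetical helper. reported_len is what the resolver says it returned,
 * cap is the real size of the buffer behind rdata. Returns 0 on success,
 * -1 on truncated, malformed or oversized input. */
int srv_target(const unsigned char *rdata, size_t reported_len, size_t cap,
               char *host, size_t host_cap, unsigned *port)
{
    size_t pos = 6, n = 0;              /* skip priority, weight, port */
    if (reported_len > cap)             /* truncated answer: refuse to parse */
        return -1;
    if (reported_len < 7 || host_cap == 0)
        return -1;
    *port = (unsigned)rdata[4] << 8 | rdata[5];
    for (;;) {
        size_t len;
        if (pos >= reported_len)        /* length byte must be inside the data */
            return -1;
        len = rdata[pos++];
        if (len == 0)                   /* root label ends the name */
            break;
        if (len > 63 || len > reported_len - pos)  /* no pointers, no over-read */
            return -1;
        if (n + len + 2 > host_cap)     /* label + '.' + NUL must fit */
            return -1;
        memcpy(host + n, rdata + pos, len);
        n += len;
        host[n++] = '.';
        pos += len;
    }
    if (n > 0) n--;                     /* drop the trailing dot */
    host[n] = '\0';
    return 0;
}

int main(void)
{
    char host[64];
    unsigned port = 0;
    if (srv_target(sample_rdata, sizeof sample_rdata, sizeof sample_rdata,
                   host, sizeof host, &port) != 0)
        return 1;
    return printf("%s:%u\n", host, port) < 0;
}
```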
Updated packages
8.1 i586
3e44766f48622b70a4de7b66b959a857 ia64/8.1/RPMS/nss_ldap-202-1.1mdk.ia64.rpm
f22145546bff2930131da1b2503692ce ia64/8.1/RPMS/pam_ldap-156-1.1mdk.ia64.rpm
85ec640296bd1cb5808f9beb7db3a566 ia64/8.1/SRPMS/nss_ldap-202-1.1mdk.src.rpm
SNF7.2 i586
cc7940dc14b61c6bb8a289242a415c39 snf7.2/RPMS/nss_ldap-202-1.2mdk.i586.rpm
fa83615155165f38c3a691767c4d5455 snf7.2/SRPMS/nss_ldap-202-1.2mdk.src.rpm
8.1 i586
d0b134533498411ff84c23c445325d09 8.1/RPMS/nss_ldap-202-1.1mdk.i586.rpm
376bd2062e8fb2128008bc6075bae8d1 8.1/RPMS/pam_ldap-156-1.1mdk.i586.rpm
85ec640296bd1cb5808f9beb7db3a566 8.1/SRPMS/nss_ldap-202-1.1mdk.src.rpm
8.0 i586
eb3adc4ce19d132339392c45a5f63a87 8.0/RPMS/nss_ldap-202-1.2mdk.i586.rpm
fa83615155165f38c3a691767c4d5455 8.0/SRPMS/nss_ldap-202-1.2mdk.src.rpm
9.0 i586
da577902f504bf8f345446635fcc3cf7 9.0/RPMS/nss_ldap-202-1.1mdk.i586.rpm
b70c25f7b8a3b5f86149dd199003a4ff 9.0/RPMS/pam_ldap-156-1.1mdk.i586.rpm
85ec640296bd1cb5808f9beb7db3a566 9.0/SRPMS/nss_ldap-202-1.1mdk.src.rpm
8.2 i586
77cdc3912443eadf59ca53284d0340e2 8.2/RPMS/nss_ldap-202-1.1mdk.i586.rpm
16b952b71669460c7c4b9441b37e2014 8.2/RPMS/pam_ldap-156-1.1mdk.i586.rpm
85ec640296bd1cb5808f9beb7db3a566 8.2/SRPMS/nss_ldap-202-1.1mdk.src.rpm
8.0 i586
9e06d1d1e8efcf2ab3e7646fb182edfe ppc/8.0/RPMS/nss_ldap-202-1.2mdk.ppc.rpm
fa83615155165f38c3a691767c4d5455 ppc/8.0/SRPMS/nss_ldap-202-1.2mdk.src.rpm
8.2 i586
b5f7f6eab56f68ba432267dc2e84c206 ppc/8.2/RPMS/nss_ldap-202-1.1mdk.ppc.rpm
0b73c3aba3ab7bdd2548a69934fa79f0 ppc/8.2/RPMS/pam_ldap-156-1.1mdk.ppc.rpm
85ec640296bd1cb5808f9beb7db3a566 ppc/8.2/SRPMS/nss_ldap-202-1.1mdk.src.rpm
7.2 i586
cc7940dc14b61c6bb8a289242a415c39 7.2/RPMS/nss_ldap-202-1.2mdk.i586.rpm
fa83615155165f38c3a691767c4d5455 7.2/SRPMS/nss_ldap-202-1.2mdk.src.rpm
