Nom du paquet
nss-pam-ldapd
Date
2013-04-10
Advisory ID
MDVSA-2013:106
Affected versions
MBS1 x86_64

Problem description

Updated nss-pam-ldapd packages fixes the following security
vulnerability:

Garth Mollett discovered that a file descriptor overflow issue in
the use of FD_SET() in nss-pam-ldapd can lead to a stack-based buffer
overflow. An attacker could, under some circumstances, use this flaw
to cause a process that has the NSS or PAM module loaded to crash or
potentially execute arbitrary code.

The issue can be triggered in a network daemon by opening a large
number of connections and forcing a name lookup. This would result
in a crash and possibly remote code execution. This issue may also
allow local privilege escalation if a suid program does name lookups
and doesn't close file descriptors inherited from the parent process
(CVE-2013-0288).

Updated packages

MBS1 x86_64

 cbf543dd3fef9f555cff3437e2a38639  mbs1/x86_64/nss-pam-ldapd-0.8.6-4.1.mbs1.x86_64.rpm 
 4e6bf408943ff751ed7655b661bec550  mbs1/SRPMS/nss-pam-ldapd-0.8.6-4.1.mbs1.src.rpm

References