Debian Linux Security Advisory 2628-2 - The security update DSA-2628 for nss-pam-ldapd failed to build on kfreebsd-amd64 and kfreebsd-i386.
ca04431f7098338d92f01c30b2b14d94f107aed5b83c0e5d0a566ae308c1550a
Mandriva Linux Security Advisory 2013-106 - Updated nss-pam-ldapd packages fix the following security issue: Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code. The issue can be triggered in a network daemon by opening a large number of connections and forcing a name lookup. This would result in a crash and possibly remote code execution. This issue may also allow local privilege escalation if a suid program does name lookups and doesn't close file descriptors inherited from the parent process.
21cfbe87c25c15f909e0a89e34d4588f1a69067a0cec0040efeda64c62e628fb
Red Hat Security Advisory 2013-0590-01 - The nss-pam-ldapd packages provide the nss-pam-ldapd daemon, which uses a directory server to look up name service information on behalf of a lightweight nsswitch module. An array index error, leading to a stack-based buffer overflow flaw, was found in the way nss-pam-ldapd managed open file descriptors. An attacker able to make a process have a large number of open file descriptors and perform name lookups could use this flaw to cause the process to crash or, potentially, execute arbitrary code with the privileges of the user running the process.
5d8ce3bf3e429d0588efc5bb523f1d11034fee2fa34e9de097579a469ee0704d
Debian Linux Security Advisory 2628-1 - Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code.
7293e7af93c908b7309b1bbfd85a38e48c7bef2fec3f3dd808afeaa49befbae5