Red Hat Local Security Checks : RedHat Security Advisory RHSA-2002:180

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.51231

Category: Red Hat Local Security Checks

Title: RedHat Security Advisory RHSA-2002:180

Summary: NOSUMMARY

Description: Description:

The remote host is missing updates announced in
advisory RHSA-2002:180.

Updated nss_ldap packages are now available for Red Hat Linux Advanced
Server 2.1. These updates fix a potential buffer overflow which can occur
when nss_ldap is set to configure itself using information stored in DNS
as well as a format string bug in logging functions used in pam_ldap.

[Updated 09 Jan 2003]
Added fixed packages for the Itanium (IA64) architecture.

[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1

nss_ldap is a set of C library extensions that allow X.500 and LDAP
directory servers to be used as a primary source of aliases, ethers,
groups, hosts, networks, protocols, users, RPCs, services, and shadow
passwords (instead of or in addition to using flat files or NIS).

When versions of nss_ldap prior to nss_ldap-198 are configured without a
value for the 'host' setting, nss_ldap will attempt to configure itself by
using SRV records stored in DNS. When parsing the results of the DNS
query, nss_ldap does not check that data returned by the server will fit
into an internal buffer, leaving it vulnerable to a buffer overflow
The Common Vulnerabilities and Exposures project has assigned the name
CVE-2002-0825 to this issue.

When versions of nss_ldap prior to nss_ldap-199 are configured without a
value for the 'host' setting, nss_ldap will attempt to configure itself by
using SRV records stored in DNS. When parsing the results of the DNS
query, nss_ldap does not check that the data returned has not been
truncated by the resolver libraries to avoid a buffer overflow, and may
attempt to parse more data than is actually available, leaving it
vulnerable to a read buffer overflow.

Versions of pam_ldap prior to version 144 include a format string bug in
the logging function. The packages included in this erratum update pam_ldap
to version 144, fixing this bug. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2002-0374 to this issue.

All users of nss_ldap should update to these errata packages which are not
vulnerable to the above issues. These packages are based on nss_ldap-189
with the addition of a backported security patch and pam_ldap version 144.

Thanks to the nss_ldap and pam_ldap team at padl.com for providing
information about these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2002-180.html
http://www.padl.com/Articles/PotentialBufferOverflowin.html
http://www.padl.com/OSS/pam_ldap.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
http://www.kb.cert.org/vuls/id/738331

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2002-0825
Common Vulnerability Exposure (CVE) ID: CVE-2002-0374
BugTraq ID: 4679
http://www.securityfocus.com/bid/4679
Bugtraq: 20020506 ldap vulnerabilities (Google Search)
Bugtraq: 20021030 GLSA: pam_ldap (Google Search)
http://marc.info/?l=bugtraq&m=103601912505261&w=2
Caldera Security Advisory: CSSA-2002-041.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-041.0.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
http://www.redhat.com/support/errata/RHSA-2002-084.html
http://www.redhat.com/support/errata/RHSA-2002-141.html
http://www.redhat.com/support/errata/RHSA-2002-175.html
http://www.redhat.com/support/errata/RHSA-2002-180.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
http://www.iss.net/security_center/static/9018.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.51231
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2002:180
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2002:180. Updated nss_ldap packages are now available for Red Hat Linux Advanced Server 2.1. These updates fix a potential buffer overflow which can occur when nss_ldap is set to configure itself using information stored in DNS as well as a format string bug in logging functions used in pam_ldap. [Updated 09 Jan 2003] Added fixed packages for the Itanium (IA64) architecture. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1 nss_ldap is a set of C library extensions that allow X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services, and shadow passwords (instead of or in addition to using flat files or NIS). When versions of nss_ldap prior to nss_ldap-198 are configured without a value for the 'host' setting, nss_ldap will attempt to configure itself by using SRV records stored in DNS. When parsing the results of the DNS query, nss_ldap does not check that data returned by the server will fit into an internal buffer, leaving it vulnerable to a buffer overflow The Common Vulnerabilities and Exposures project has assigned the name CVE-2002-0825 to this issue. When versions of nss_ldap prior to nss_ldap-199 are configured without a value for the 'host' setting, nss_ldap will attempt to configure itself by using SRV records stored in DNS. When parsing the results of the DNS query, nss_ldap does not check that the data returned has not been truncated by the resolver libraries to avoid a buffer overflow, and may attempt to parse more data than is actually available, leaving it vulnerable to a read buffer overflow. Versions of pam_ldap prior to version 144 include a format string bug in the logging function. The packages included in this erratum update pam_ldap to version 144, fixing this bug. The Common Vulnerabilities and Exposures project has assigned the name CVE-2002-0374 to this issue. All users of nss_ldap should update to these errata packages which are not vulnerable to the above issues. These packages are based on nss_ldap-189 with the addition of a backported security patch and pam_ldap version 144. Thanks to the nss_ldap and pam_ldap team at padl.com for providing information about these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-180.html http://www.padl.com/Articles/PotentialBufferOverflowin.html http://www.padl.com/OSS/pam_ldap.html http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html http://www.kb.cert.org/vuls/id/738331 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0825 Common Vulnerability Exposure (CVE) ID: CVE-2002-0374 BugTraq ID: 4679 http://www.securityfocus.com/bid/4679 Bugtraq: 20020506 ldap vulnerabilities (Google Search) Bugtraq: 20021030 GLSA: pam_ldap (Google Search) http://marc.info/?l=bugtraq&m=103601912505261&w=2 Caldera Security Advisory: CSSA-2002-041.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-041.0.txt http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075 http://www.redhat.com/support/errata/RHSA-2002-084.html http://www.redhat.com/support/errata/RHSA-2002-141.html http://www.redhat.com/support/errata/RHSA-2002-175.html http://www.redhat.com/support/errata/RHSA-2002-180.html http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html http://www.iss.net/security_center/static/9018.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com