Test ID: | 1.3.6.1.4.1.25623.1.0.881638 |
Category: | CentOS Local Security Checks |
Title: | CentOS Update for nss-pam-ldapd CESA-2013:0590 centos6 |
Summary: | The remote host is missing an update for the 'nss-pam-ldapd' package(s) announced via the referenced advisory. |
Description: |
Summary: The remote host is missing an update for the 'nss-pam-ldapd' package(s) announced via the referenced advisory.
Vulnerability Insight: The nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd), which uses a directory server to look up name service information on behalf of a lightweight nsswitch module. An array index error, leading to a stack-based buffer overflow flaw, was found in the way nss-pam-ldapd managed open file descriptors. An attacker able to make a process have a large number of open file descriptors and perform name lookups could use this flaw to cause the process to crash or, potentially, execute arbitrary code with the privileges of the user running the process. (CVE-2013-0288) Red Hat would like to thank Garth Mollett for reporting this issue. All users of nss-pam-ldapd are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.
Affected Software/OS: nss-pam-ldapd on CentOS 6
Solution: Please install the updated packages.
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-0288
BugTraq ID: 58007
http://www.securityfocus.com/bid/58007
Debian Security Information: DSA-2628
http://www.debian.org/security/2012/dsa-2628
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:106
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288
http://lists.arthurdejong.org/nss-pam-ldapd-announce/2013/msg00001.html
http://www.openwall.com/lists/oss-security/2013/02/18/2
RedHat Security Advisories: RHSA-2013:0590
http://rhn.redhat.com/errata/RHSA-2013-0590.html
http://secunia.com/advisories/52212
http://secunia.com/advisories/52242
SuSE Security Announcement: openSUSE-SU-2013:0522
http://lists.opensuse.org/opensuse-updates/2013-03/msg00087.html
SuSE Security Announcement: openSUSE-SU-2013:0524
http://lists.opensuse.org/opensuse-updates/2013-03/msg00091.html
XForce ISS Database: nsspamldapd-fdsetsize-bo(82175)
https://exchange.xforce.ibmcloud.com/vulnerabilities/82175 |
Copyright | Copyright (c) 2013 Greenbone Networks GmbH |