|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 2628-1 (nss-pam-ldapd - buffer overflow)|
|Summary:||Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code.|
nss-pam-ldapd on Debian Linux
For the stable distribution (squeeze) this problem has been fixed in
For the testing distribution (wheezy), this problem has been fixed in
For the unstable distribution (sid), this problem has been fixed in
We recommend that you upgrade your nss-pam-ldapd packages.
Common Vulnerability Exposure (CVE) ID: CVE-2013-0288
BugTraq ID: 58007
Debian Security Information: DSA-2628
RedHat Security Advisories: RHSA-2013:0590
SuSE Security Announcement: openSUSE-SU-2013:0522
SuSE Security Announcement: openSUSE-SU-2013:0524
XForce ISS Database: nsspamldapd-fdsetsize-bo(82175)
|Copyright||Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net|