|
- - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT - - -------------------------------------------------------------------- PACKAGE :nss_ldap SUMMARY :Buffer overflow DATE :2002-10-13 12:45 UTC - - -------------------------------------------------------------------- Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code. DETAIL When versions of nss_ldap prior to nss_ldap-198 are configured without a value for the "host" setting, nss_ldap will attempt to configure itself by using SRV records stored in DNS. When parsing the results of the DNS query, nss_ldap does not check that the data returned by the server willfit into an internal buffer, leaving it vulnerable to a buffer overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0825 to this issue. When versions of nss_ldap prior to nss_ldap-199 are configured without a value for the "host" setting, nss_ldap will attempt to configure itself by using SRV records stored in DNS. When parsing the results of the DNS query, nss_ldap does not check that the data returned has not been truncated by the resolver libraries to avoid a buffer overflow, and may attempt to parse more data than is actually available, leaving it vulnerable to a read buffer overflow. SOLUTION It is recommended that all Gentoo Linux users who are running net-libs/nss_ldap-174-r2 and earlier update their systems as follows: emerge rsync emerge nss_ldap emerge clean - - -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz - - --------------------------------------------------------------------