- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------

PACKAGE        :nss_ldap
SUMMARY        :Buffer overflow
DATE           :2002-10-13 12:45 UTC

- - --------------------------------------------------------------------

Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 
allows remote attackers to cause a denial of service and possibly 
execute arbitrary code.

DETAIL

When versions of nss_ldap prior to nss_ldap-198 are configured 
without a value for the "host" setting, nss_ldap will attempt to 
configure itself by using SRV records stored in DNS.  When parsing the 
results of the DNS query, nss_ldap does not check that the data 
returned by the server willfit into an internal buffer, leaving it 
vulnerable to a buffer overflow. The Common Vulnerabilities and 
Exposures project (cve.mitre.org) has assigned the name CAN-2002-0825 
to this issue.

When versions of nss_ldap prior to nss_ldap-199 are configured 
without a value for the "host" setting, nss_ldap will attempt to 
configure itself by using SRV records stored in DNS.  When parsing 
the results of the DNS query, nss_ldap does not check that the data 
returned has not been truncated by the resolver libraries to avoid a 
buffer overflow, and may attempt to parse more data than is actually 
available, leaving it vulnerable to a read buffer overflow.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-libs/nss_ldap-174-r2 and earlier update their systems
as follows:

emerge rsync
emerge nss_ldap
emerge clean

- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------