SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  nss_ldap Vendors:  PADL Software Pty Ltd
'nss_ldap' Buffer Overflow in DNS Code May Allow Remote Users to Execute Arbitrary Code
SecurityTracker Alert ID:  1005570
CVE Reference:  CAN-2002-0825   (Links to External Site)
Date:  Nov 8 2002
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): prior to 198
Description:  A buffer overflow vulnerability was reported in nss_ldap DNS SRV support functions. In a certain configuration, a remote user may be able to execute arbitrary code.

The vendor does not believe that this overflow can be exploited to gain elevated privileges in the default configuration of nss_ldap. However, if a configuration explicitly does not trust DNS, uses DNS SRV records for server location, and uses another mechanism such as Kerberos or SSL to verify the integrity of the server, then privilege elevation may be possible. A remote user could create a large number of SRV records or SRV records with long target hosts to trigger the overflow and execute arbitrary code with the privileges of the process using the nss_ldap library.

For more information, see the vendor's bug report #108 at:

http://bugzilla.padl.com/show_bug.cgi?id=108
Impact:  A remote user may be able to execute arbitrary code on the system.
Solution:  The vendor has released a fixed version (198), available at:

ftp://ftp.padl.com/pub/nss_ldap.tgz
http://www.padl.com/download/nss_ldap.tgz
Vendor URL:  www.padl.com/Articles/PotentialBufferOverflowin.html (Links to External Site)
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 8 2002 (Mandrake Issues Fix) 'nss_ldap' Buffer Overflow in DNS Code May Allow Remote Users to Execute Arbitrary Code   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.


 Source Message Contents
Date:  Thu, 07 Nov 2002 18:49:21 -0500
Subject:  nss_ldap bug

 

http://www.padl.com/Articles/PotentialBufferOverflowin.html

PADL Software Pty Ltd reported a potential buffer overflow vulnerability in nss_ldap DNS
SRV support.

The vendor does not believe that this overflow can be exploited to gain elevated
privileges in the default configuration of nss_ldap. However, if a configuration
explicitly does not trust DNS, uses DNS SRV records for server location, and uses another
mechanism such as Kerberos or SSL to verify the integrity of the server, then privilege
elevation may be possible.  A remote user could create a large number of SRV records or
SRV records with long target hosts to trigger the overflow.

This issue has been corrected in nss_ldap-198:

ftp://ftp.padl.com/pub/nss_ldap.tgz
http://www.padl.com/download/nss_ldap.tgz

For more information, see bug #108 at:

http://bugzilla.padl.com/show_bug.cgi?id=108

The following CVE information is also available:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0825


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC