SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   nss_ldap Vendors:   Sun
(Sun Issues Fix) Re: Sun LDAP Name Service Buffer Overflow May Let Remote Users Gain Root Access
SecurityTracker Alert ID:  1008055
SecurityTracker URL:  http://securitytracker.com/id/1008055
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Nov 7 2003
Original Entry Date:  Oct 31 2003
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A buffer overflow vulnerability was reported in the LDAP Name Service on certain versions of Sun Solaris. A remote user could gain root access.

Sun indicated that the buffer overflow resides in the "nss_ldap.so.1" library.

Solaris 8 and 9 are reportedly affected. Sun reports that Solaris 2.6 and Solaris 7 are not affected.

If the LDAP name service is enabled in the "/etc/nsswitch.conf" file for any of the following databases, the system may be vulnerable:

bootparams
ethers
hosts
ipnodes
netgroup
netmasks
networks

Sun credits void.at with reporting this flaw.
Impact:   A remote user could gain root access on the system.
Solution:   Sun has issued the following patches:

SPARC Platform

Solaris 8 with patch 108993-29 or later
Solaris 9 with patch 112960-09 or later

x86 Platform

Solaris 8 with patch 108994-29 or later
Solaris 9 with patch 114328-02 or later
Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F52222 (Links to External Site)
Cause:   Boundary error
Underlying OS:   UNIX (Solaris - SunOS)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 28 2003 Sun LDAP Name Service Buffer Overflow May Let Remote Users Gain Root Access


 Source Message Contents
Date:  Fri, 31 Oct 2003 12:32:44 -0500
Subject:  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F52222


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F52222

52222   In Solaris 8 and Solaris 9 a Buffer Overflow in the LDAP Name Service May Lead to 
Unauthorized Root Access   30 Oct 2003

 > On Solaris 8 and Solaris 9 systems with the LDAP name service enabled, an unprivileged
 > local user may be able to gain unauthorized root access due to a buffer overflow in the
 > "nss_ldap.so.1" library.


Sun has issued the following patches:

SPARC Platform

Solaris 8 with patch 108993-29 or later

x86 Platform

Solaris 8 with patch 108994-29 or later

Sun reports that a final resolution for Solaris 9 is pending completion.

-----

Sun Alert ID: 52222
Synopsis: In Solaris 8 and Solaris 9 a Buffer Overflow in the LDAP Name Service May Lead 
to Unauthorized Root Access
Category: Security
Product: Solaris
BugIDs: 4830525
Avoidance: Patch, T-patch, Workaround
State: Engineering Complete
Date Released: 26-Mar-2003, 22-Oct-2003, 30-Oct-2003
Date Closed: 30-Oct-2003
Date Modified: 22-Oct-2003, 23-Oct-2003, 30-Oct-2003


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC