SecurityTracker: (Sun Issues Additional Fix) Re: Sun LDAP Name Service Buffer Overflow May Let Remote Users Gain Root Access

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > nss_ldap

(Sun Issues Additional Fix) Re: Sun LDAP Name Service Buffer Overflow May Let Remote Users Gain Root Access

SecurityTracker Alert ID: 1008128

SecurityTracker URL: http://securitytracker.com/id/1008128

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Updated: Nov 11 2003

Original Entry Date: Nov 10 2003

Impact: Execution of arbitrary code via network, Root access via network

Fix Available: Yes Vendor Confirmed: Yes

Description: A buffer overflow vulnerability was reported in the LDAP Name Service on certain versions of Sun Solaris. A remote user could gain root access.

Sun indicated that the buffer overflow resides in the "nss_ldap.so.1" library.

Solaris 8 and 9 are reportedly affected. Sun reports that Solaris 2.6 and Solaris 7 are not affected.

If the LDAP name service is enabled in the "/etc/nsswitch.conf" file for any of the following databases, the system may be vulnerable:

bootparams
ethers
hosts
ipnodes
netgroup
netmasks
networks

Sun credits void.at with reporting this flaw.

Impact: A remote user could gain root access on the system.

Solution: Sun has issued the following patches:

SPARC Platform

Solaris 9 with patch 112960-09 or later
Solaris 8 with patch 108993-29 or later

x86 Platform

Solaris 9 with patch 114328-02 or later
Solaris 8 with patch 108994-29 or later

[Editor's note: The 30-Oct-2003 modification to the Sun Alert presented the Solaris 8 patches. The 06-Nov-2003 modification to the Sun Alert presented the Solaris 9 patches but did *not* reference any Solaris 8 patches, instead indicating that a final resolution was pending for Solaris 8. We are not certain why Sun did not list the Solaris 8 patches in the most recent version of their Sun Alert.]

Vendor URL: sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F52222 (Links to External Site)

Cause: Boundary error

Underlying OS: UNIX (Solaris - SunOS)

Message History: This archive entry is a follow-up to the message listed below.

Sun LDAP Name Service Buffer Overflow May Let Remote Users Gain Root Access

Source Message Contents

Date: Mon, 10 Nov 2003 08:29:52 -0500
Subject: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F52222


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F52222

52222   In Solaris 8 and Solaris 9 a Buffer Overflow in the LDAP Name Service May Lead to 
Unauthorized Root Access   7 Nov 2003

Sun updated Sun Alert 52222 to indicate that a patch is available for Solaris 9 for the 
"nss_ldap.so.1" library local buffer overflow vulnerability.


SPARC Platform

Solaris 9 with patch 112960-09 or later

x86 Platform

Solaris 9 with patch 114328-02 or later

A final resolution for Solaris 8 is pending.

-----

Sun Alert ID: 52222
Synopsis: In Solaris 8 and Solaris 9 a Buffer Overflow in the LDAP Name Service May Lead 
to Unauthorized Root Access
Category: Security
Product: Solaris
BugIDs: 4830525
Avoidance: Workaround, Patch
State: Engineering Complete
Date Released: 26-Mar-2003, 22-Oct-2003, 30-Oct-2003
Date Closed:
Date Modified: 22-Oct-2003, 23-Oct-2003, 30-Oct-2003, 06-Nov-2003

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC