Category:   Application (Generic)  >   nss_ldap
Vendors:   Sun
(Sun Issues Final Fix) Sun LDAP Name Service Buffer Overflow May Let Remote Users Gain Root Access
SecurityTracker Alert ID:  1008473
SecurityTracker URL:  http://securitytracker.com/id/1008473
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Dec 15 2003
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A buffer overflow vulnerability was reported in the LDAP Name Service on certain versions of Sun Solaris. A remote user could gain root access.

Sun indicated that the buffer overflow resides in the "nss_ldap.so.1" library.

Solaris 8 and 9 are reportedly affected. Sun reports that Solaris 2.6 and Solaris 7 are not affected.

If the LDAP name service is enabled in the "/etc/nsswitch.conf" file for any of the following databases, the system may be vulnerable:

bootparams
ethers
hosts
ipnodes
netgroup
netmasks
networks

Sun credits void.at with reporting this flaw.

Impact:   A remote user could gain root access on the system.
Solution:   Sun has issued the following fixes:

SPARC Platform

Solaris 8 with patch 108993-31 or later
Solaris 9 with patch 112960-09 or later

x86 Platform

Solaris 8 with patch 108994-31 or later
Solaris 9 with patch 114328-02 or later

Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F52222
Cause:   Boundary error
Underlying OS:   UNIX (Solaris - SunOS)
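
The exposure and patch-level checks described in this alert, as an added shell example that is not part of the alert or of Sun's tooling: it reports which of the listed databases use ldap in a given nsswitch.conf and whether a supplied list of installed patch ids meets a fix level from the alert. The function names, the one-id-per-line patch input and the sample file are assumptions of this example.

```shell
# Added example; needs a POSIX shell. Function names are this example's own.
AFFECTED_DBS="bootparams ethers hosts ipnodes netgroup netmasks networks"

# ldap_dbs FILE: print each database from the advisory's list whose
# source list in FILE (nsswitch.conf syntax) names "ldap".
ldap_dbs() (
    set -f                              # keep [NOTFOUND=return] from globbing
    while IFS= read -r line; do
        line=${line%%#*}                # drop comments
        case $line in *:*) ;; *) continue ;; esac
        db=$(printf '%s' "${line%%:*}" | tr -d ' \t')
        case " $AFFECTED_DBS " in *" $db "*) ;; *) continue ;; esac
        for src in ${line#*:}; do
            if [ "$src" = ldap ]; then echo "$db"; break; fi
        done
    done < "$1"
)

# patch_ok REQUIRED: installed patch ids ("base-rev", one per line) on stdin;
# succeeds if REQUIRED's base is installed at that revision or later.
patch_ok() {
    while IFS= read -r id; do
        [ "${id%-*}" = "${1%-*}" ] && [ "${id#*-}" -ge "${1#*-}" ] && return 0
    done
    return 1
}

# assess FILE REQUIRED: combine both checks (patch ids on stdin).
assess() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    if [ -z "$(ldap_dbs "$1")" ]; then echo "ldap-not-used"
    elif patch_ok "$2"; then echo "patched"
    else echo "needs-patch"
    fi
}

# Constructed sample nsswitch.conf (not from a real host).
sample_conf() {
    printf '%s\n' 'passwd:     files ldap' 'hosts:      files dns' \
        'netgroup:   ldap' 'networks:   ldap [NOTFOUND=return] files' \
        '#ethers:    ldap'
}

f=${TMPDIR:-/tmp}/nsswitch.sample.$$
sample_conf > "$f"
ldap_dbs "$f"
printf '112960-07\n' | assess "$f" 112960-09    # Solaris 9 SPARC level from the alert
rm -f "$f"
```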

Message History:   This archive entry is a follow-up to the message listed below.
Mar 28 2003 Sun LDAP Name Service Buffer Overflow May Let Remote Users Gain Root Access



 Source Message Contents

Date:  Mon, 15 Dec 2003 09:47:40 -0500
Subject:  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F52222


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F52222

52222   In Solaris 8 and Solaris 9 a Buffer Overflow in the LDAP Name Service May Lead to 
Unauthorized Root Access   12 Dec 2003

Sun updated their Alert Notification #52222 to indicate that the following patches are 
available.  This alert presents new patches for Solaris 8 (as compared with the previous 
revision of the alert).

SPARC Platform

Solaris 8 with patch 108993-31 or later
Solaris 9 with patch 112960-09 or later

x86 Platform

Solaris 8 with patch 108994-31 or later
Solaris 9 with patch 114328-02 or later

-----

Sun Alert ID: 52222
Synopsis: In Solaris 8 and Solaris 9 a Buffer Overflow in the LDAP Name Service May Lead 
to Unauthorized Root Access
Category: Security
Product: Solaris
BugIDs: 4830525
Avoidance: Workaround, Patch
State: Resolved
Date Released: 26-Mar-2003, 22-Oct-2003, 30-Oct-2003, 12-Dec-2003
Date Closed: 12-Dec-2003
Date Modified: 22-Oct-2003, 23-Oct-2003, 30-Oct-2003, 06-Nov-2003, 12-Dec-2003


 
 


Copyright 2012, SecurityGlobal.net LLC