Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

Scientific Linux: CVE-2013-0288 Important nss-pam-ldapd Buffer Overflow

Scientific Large Esm H446
Important: nss-pam-ldapd security update
Date: Mon, 4 Mar 2013 16:58:33 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Important: nss-pam-ldapd on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: nss-pam-ldapd security update
Issue Date: 2013-03-04
CVE Numbers: CVE-2013-0288
--

An array index error, leading to a stack-based buffer overflow flaw, was
found in the way nss-pam-ldapd managed open file descriptors. An attacker
able to make a process have a large number of open file descriptors and
perform name lookups could use this flaw to cause the process to crash or,
potentially, execute arbitrary code with the privileges of the user
running the process. (CVE-2013-0288)
--

SL6
 x86_64
 nss-pam-ldapd-0.7.5-18.1.el6_4.i686.rpm
 nss-pam-ldapd-0.7.5-18.1.el6_4.x86_64.rpm
 nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.i686.rpm
 nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.x86_64.rpm
 i386
 nss-pam-ldapd-0.7.5-18.1.el6_4.i686.rpm
 nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.i686.rpm

- Scientific Linux Development Team