exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2013-0288

Status Candidate

Overview

nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro.

Related Files

Debian Security Advisory 2628-2
Posted Jun 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2628-2 - The security update DSA-2628 for nss-pam-ldapd failed to build on kfreebsd-amd64 and kfreebsd-i386.

tags | advisory
systems | linux, debian
advisories | CVE-2013-0288
SHA-256 | ca04431f7098338d92f01c30b2b14d94f107aed5b83c0e5d0a566ae308c1550a
Mandriva Linux Security Advisory 2013-106
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-106 - Updated nss-pam-ldapd packages fixes the following security Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code. The issue can be triggered in a network daemon by opening a large number of connections and forcing a name lookup. This would result in a crash and possibly remote code execution. This issue may also allow local privilege escalation if a suid program does name lookups and doesn't close file descriptors inherited from the parent process.

tags | advisory, remote, overflow, arbitrary, local, code execution
systems | linux, mandriva
advisories | CVE-2013-0288
SHA-256 | 21cfbe87c25c15f909e0a89e34d4588f1a69067a0cec0040efeda64c62e628fb
Red Hat Security Advisory 2013-0590-01
Posted Mar 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0590-01 - The nss-pam-ldapd packages provide the nss-pam-ldapd daemon, which uses a directory server to lookup name service information on behalf of a lightweight nsswitch module. An array index error, leading to a stack-based buffer overflow flaw, was found in the way nss-pam-ldapd managed open file descriptors. An attacker able to make a process have a large number of open file descriptors and perform name lookups could use this flaw to cause the process to crash or, potentially, execute arbitrary code with the privileges of the user running the process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-0288
SHA-256 | 5d8ce3bf3e429d0588efc5bb523f1d11034fee2fa34e9de097579a469ee0704d
Debian Security Advisory 2628-1
Posted Feb 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2628-1 - Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2013-0288
SHA-256 | 7293e7af93c908b7309b1bbfd85a38e48c7bef2fec3f3dd808afeaa49befbae5
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close