Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV
From: security () caldera com
Date: Tue, 10 Dec 2002 17:08:02 -0800

To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com full-disclosure () 
lists netsys com

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: buffer overflow in nss_ldap DNS SRV
Advisory number:        CSSA-2002-058.0
Issue date:             2002 December 10
Cross reference:
______________________________________________________________________________


1. Problem Description

        A buffer overflow in the DNS SRV code for nss_ldap allows remote
        attackers to cause a denial of service and possibly execute
        arbitrary code.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to nss_ldap-172-5.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to nss_ldap-172-5.i386.rpm

        OpenLinux 3.1 Server            prior to nss_ldap-172-5.i386.rpm

        OpenLinux 3.1 Workstation       prior to nss_ldap-172-5.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/RPMS

        4.2 Packages

        2f9e141ceaae799721272590043e524d        nss_ldap-172-5.i386.rpm

        4.3 Installation

        rpm -Fvh nss_ldap-172-5.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/SRPMS

        4.5 Source Packages

        b35831284c0413d2e86e450297ba615f        nss_ldap-172-5.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-058.0/RPMS

        5.2 Packages

        a1089ea16a2e35d6a54b5f2256be190f        nss_ldap-172-5.i386.rpm

        5.3 Installation

        rpm -Fvh nss_ldap-172-5.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-058.0/SRPMS

        5.5 Source Packages

        4a6d0418890bcaf45ab6c6c5e8e17d3b        nss_ldap-172-5.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/RPMS

        6.2 Packages

        bd1286f5e243e8001d32c21ec1eeb7b0        nss_ldap-172-5.i386.rpm

        6.3 Installation

        rpm -Fvh nss_ldap-172-5.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/SRPMS

        6.5 Source Packages

        3318607550f33f8c0c8902cd6bfc2b81        nss_ldap-172-5.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/RPMS

        7.2 Packages

        b60910e2d16a23f6842c534fe6516027        nss_ldap-172-5.i386.rpm

        7.3 Installation

        rpm -Fvh nss_ldap-172-5.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/SRPMS

        7.5 Source Packages

        30aae498b3ebef5a791219eb2fb80c98        nss_ldap-172-5.src.rpm


8. References

        Specific references for this advisory:

                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0825

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr870483, fz526358,
        erg712144.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.

______________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV security (Dec 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault