National Cyber Awareness System

Vulnerability Summary for CVE-2013-0288

Overview

nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MISC

Name: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288

External Source: XF

Name: nsspamldapd-fdsetsize-bo(82175)

Hyperlink:http://xforce.iss.net/xforce/xfdb/82175

External Source: BID

Name: 58007

Hyperlink:http://www.securityfocus.com/bid/58007

External Source: MLIST

Name: [oss-security] 20130218 CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow

Hyperlink:http://www.openwall.com/lists/oss-security/2013/02/18/2

External Source: DEBIAN

Name: DSA-2628

Hyperlink:http://www.debian.org/security/2012/dsa-2628

External Source: SECUNIA

Name: 52242

Type: Advisory

Hyperlink:http://secunia.com/advisories/52242

External Source: SECUNIA

Name: 52212

Hyperlink:http://secunia.com/advisories/52212

External Source: REDHAT

Name: RHSA-2013:0590

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0590.html

External Source: SUSE

Name: openSUSE-SU-2013:0524

Hyperlink:http://lists.opensuse.org/opensuse-updates/2013-03/msg00091.html

External Source: SUSE

Name: openSUSE-SU-2013:0522

Hyperlink:http://lists.opensuse.org/opensuse-updates/2013-03/msg00087.html

External Source: FEDORA

Name: FEDORA-2013-2754

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html

External Source: MLIST

Name: [nss-pam-ldapd-announce] 20130218 nss-pam-ldapd security advisory (CVE-2013-0288)

Hyperlink:http://lists.arthurdejong.org/nss-pam-ldapd-announce/2013/msg00001.html

External Source: MISC

Name: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319

Hyperlink:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319

External Source: CONFIRM

Name: http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b

Hyperlink:http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b

External Source: CONFIRM

Name: http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32

Hyperlink:http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32

External Source: CONFIRM

Name: http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81

Hyperlink:http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81