LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

nss-pam-ldapd: code execution

Package(s):nss-pam-ldapd CVE #(s):CVE-2013-0288
Created:February 18, 2013 Updated:March 25, 2013
Description: From the Debian advisory:

Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code.

Alerts:
Debian DSA-2628-1 2013-02-18
Fedora FEDORA-2013-2754 2013-02-28
Mageia MGASA-2013-0071 2013-02-27
Red Hat RHSA-2013:0590-01 2013-03-04
Scientific Linux SL-nss--20130304 2013-03-04
Oracle ELSA-2013-0590 2013-03-04
CentOS CESA-2013:0590 2013-03-09
openSUSE openSUSE-SU-2013:0522-1 2013-03-22
openSUSE openSUSE-SU-2013:0522-2 2013-03-22
openSUSE openSUSE-SU-2013:0524-1 2013-03-22
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds