RHSA-2002_180

Vulnerability from csaf_redhat - Published: 2002-10-04 07:20 - Updated: 2024-11-21 22:27
Summary
Red Hat Security Advisory: nss_ldap ecurity update
Severity
Important
Notes
Topic: Updated nss_ldap packages are now available for Red Hat Linux Advanced Server 2.1. These updates fix a potential buffer overflow which can occur when nss_ldap is set to configure itself using information stored in DNS as well as a format string bug in logging functions used in pam_ldap. [Updated 09 Jan 2003] Added fixed packages for the Itanium (IA64) architecture. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1
Details: nss_ldap is a set of C library extensions that allow X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services, and shadow passwords (instead of or in addition to using flat files or NIS). When versions of nss_ldap prior to nss_ldap-198 are configured without a value for the "host" setting, nss_ldap will attempt to configure itself by using SRV records stored in DNS. When parsing the results of the DNS query, nss_ldap does not check that data returned by the server will fit into an internal buffer, leaving it vulnerable to a buffer overflow The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-0825 to this issue. When versions of nss_ldap prior to nss_ldap-199 are configured without a value for the "host" setting, nss_ldap will attempt to configure itself by using SRV records stored in DNS. When parsing the results of the DNS query, nss_ldap does not check that the data returned has not been truncated by the resolver libraries to avoid a buffer overflow, and may attempt to parse more data than is actually available, leaving it vulnerable to a read buffer overflow. Versions of pam_ldap prior to version 144 include a format string bug in the logging function. The packages included in this erratum update pam_ldap to version 144, fixing this bug. The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-0374 to this issue. All users of nss_ldap should update to these errata packages which are not vulnerable to the above issues. These packages are based on nss_ldap-189 with the addition of a backported security patch and pam_ldap version 144. Thanks to the nss_ldap and pam_ldap team at padl.com for providing information about these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2002-0374

Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.

Vendor Fix This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. https://access.redhat.com/errata/RHSA-2002:180
CVE-2002-0825

Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Vendor Fix This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. https://access.redhat.com/errata/RHSA-2002:180
References
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated nss_ldap packages are now available for Red Hat Linux Advanced\nServer 2.1. These updates fix a potential buffer overflow which can occur\nwhen nss_ldap is set to configure itself using information stored in DNS\nas well as a format string bug in logging functions used in pam_ldap.\n\n[Updated 09 Jan 2003]\nAdded fixed packages for the Itanium (IA64) architecture.\n\n[Updated 06 Feb 2003]\nAdded fixed packages for Advanced Workstation 2.1",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "nss_ldap is a set of C library extensions that allow X.500 and LDAP\ndirectory servers to be used as a primary source of aliases, ethers,\ngroups, hosts, networks, protocols, users, RPCs, services, and shadow\npasswords (instead of or in addition to using flat files or NIS).\n\nWhen versions of nss_ldap prior to nss_ldap-198 are configured without a\nvalue for the \"host\" setting, nss_ldap will attempt to configure itself by\nusing SRV records stored in DNS. When parsing the results of the DNS\nquery, nss_ldap does not check that data returned by the server will fit\ninto an internal buffer, leaving it vulnerable to a buffer overflow\nThe Common Vulnerabilities and Exposures project has assigned the name\nCAN-2002-0825 to this issue.\n\nWhen versions of nss_ldap prior to nss_ldap-199 are configured without a\nvalue for the \"host\" setting, nss_ldap will attempt to configure itself by\nusing SRV records stored in DNS. When parsing the results of the DNS\nquery, nss_ldap does not check that the data returned has not been\ntruncated by the resolver libraries to avoid a buffer overflow, and may\nattempt to parse more data than is actually available, leaving it\nvulnerable to a read buffer overflow.\n\nVersions of pam_ldap prior to version 144 include a format string bug in\nthe logging function. The packages included in this erratum update pam_ldap\nto version 144, fixing this bug.  The Common Vulnerabilities and Exposures\nproject has assigned the name CAN-2002-0374 to this issue.\n\nAll users of nss_ldap should update to these errata packages which are not\nvulnerable to the above issues. These packages are based on nss_ldap-189\nwith the addition of a backported security patch and pam_ldap version 144.\n\nThanks to the nss_ldap and pam_ldap team at padl.com for providing\ninformation about these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:180",
        "url": "https://access.redhat.com/errata/RHSA-2002:180"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.padl.com/Articles/PotentialBufferOverflowin.html",
        "url": "http://www.padl.com/Articles/PotentialBufferOverflowin.html"
      },
      {
        "category": "external",
        "summary": "http://www.padl.com/OSS/pam_ldap.html",
        "url": "http://www.padl.com/OSS/pam_ldap.html"
      },
      {
        "category": "external",
        "summary": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html",
        "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html"
      },
      {
        "category": "external",
        "summary": "http://www.kb.cert.org/vuls/id/738331",
        "url": "http://www.kb.cert.org/vuls/id/738331"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_180.json"
      }
    ],
    "title": "Red Hat Security Advisory: nss_ldap ecurity update",
    "tracking": {
      "current_release_date": "2024-11-21T22:27:10+00:00",
      "generator": {
        "date": "2024-11-21T22:27:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:180",
      "initial_release_date": "2002-10-04T07:20:00+00:00",
      "revision_history": [
        {
          "date": "2002-10-04T07:20:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-08-13T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:27:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Products"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-0374",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616764"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0374"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616764",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616764"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0374",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0374"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0374",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0374"
        }
      ],
      "release_date": "2002-05-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-10-04T07:20:00+00:00",
          "details": "This update is available via Red Hat Network.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:180"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0825",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616816"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0825"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616816",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616816"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0825",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0825"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0825",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0825"
        }
      ],
      "release_date": "2002-07-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-10-04T07:20:00+00:00",
          "details": "This update is available via Red Hat Network.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:180"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.