Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV

[CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV

by Nikola Strahija on December 11th, 2002 A buffer overflow in the DNS SRV code for nss_ldap allows remote attackers to cause a denial of service and possibly execute arbitrary code.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to nss_ldap-172-5.i386.rpm

OpenLinux 3.1.1 Workstation prior to nss_ldap-172-5.i386.rpm

OpenLinux 3.1 Server prior to nss_ldap-172-5.i386.rpm

OpenLinux 3.1 Workstation prior to nss_ldap-172-5.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/RPMS

4.2 Packages

2f9e141ceaae799721272590043e524d nss_ldap-172-5.i386.rpm

4.3 Installation

rpm -Fvh nss_ldap-172-5.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/SRPMS

4.5 Source Packages

b35831284c0413d2e86e450297ba615f nss_ldap-172-5.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-058.0/RPMS

5.2 Packages

a1089ea16a2e35d6a54b5f2256be190f nss_ldap-172-5.i386.rpm

5.3 Installation

rpm -Fvh nss_ldap-172-5.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-058.0/SRPMS

5.5 Source Packages

4a6d0418890bcaf45ab6c6c5e8e17d3b nss_ldap-172-5.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/RPMS

6.2 Packages

bd1286f5e243e8001d32c21ec1eeb7b0 nss_ldap-172-5.i386.rpm

6.3 Installation

rpm -Fvh nss_ldap-172-5.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/SRPMS

6.5 Source Packages

3318607550f33f8c0c8902cd6bfc2b81 nss_ldap-172-5.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/RPMS

7.2 Packages

b60910e2d16a23f6842c534fe6516027 nss_ldap-172-5.i386.rpm

7.3 Installation

rpm -Fvh nss_ldap-172-5.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/SRPMS

7.5 Source Packages

30aae498b3ebef5a791219eb2fb80c98 nss_ldap-172-5.src.rpm


8. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0825

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr870483, fz526358,
erg712144.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »