The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 10 Dec 2002 17:08:02 -0800
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV

--qM81t570OJUP5TU/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

To: [email protected] [email protected] [email protected] [email protected]

______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: buffer overflow in nss_ldap DNS SRV
Advisory number: 	CSSA-2002-058.0
Issue date: 		2002 December 10
Cross reference:
______________________________________________________________________________


1. Problem Description

	A buffer overflow in the DNS SRV code for nss_ldap allows remote
	attackers to cause a denial of service and possibly execute
	arbitrary code.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to nss_ldap-172-5.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to nss_ldap-172-5.i386.rpm

	OpenLinux 3.1 Server		prior to nss_ldap-172-5.i386.rpm

	OpenLinux 3.1 Workstation	prior to nss_ldap-172-5.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/RPMS

	4.2 Packages

	2f9e141ceaae799721272590043e524d	nss_ldap-172-5.i386.rpm

	4.3 Installation

	rpm -Fvh nss_ldap-172-5.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/SRPMS

	4.5 Source Packages

	b35831284c0413d2e86e450297ba615f	nss_ldap-172-5.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-058.0/RPMS

	5.2 Packages

	a1089ea16a2e35d6a54b5f2256be190f	nss_ldap-172-5.i386.rpm

	5.3 Installation

	rpm -Fvh nss_ldap-172-5.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-058.0/SRPMS

	5.5 Source Packages

	4a6d0418890bcaf45ab6c6c5e8e17d3b	nss_ldap-172-5.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/RPMS

	6.2 Packages

	bd1286f5e243e8001d32c21ec1eeb7b0	nss_ldap-172-5.i386.rpm

	6.3 Installation

	rpm -Fvh nss_ldap-172-5.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/SRPMS

	6.5 Source Packages

	3318607550f33f8c0c8902cd6bfc2b81	nss_ldap-172-5.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/RPMS

	7.2 Packages

	b60910e2d16a23f6842c534fe6516027	nss_ldap-172-5.i386.rpm

	7.3 Installation

	rpm -Fvh nss_ldap-172-5.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/SRPMS

	7.5 Source Packages

	30aae498b3ebef5a791219eb2fb80c98	nss_ldap-172-5.src.rpm


8. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0825

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr870483, fz526358,
	erg712144.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.

______________________________________________________________________________

--qM81t570OJUP5TU/
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj32j/IACgkQbluZssSXDTFgnwCdHUs6E2bcuhmcG01F1hC01SAL
Ye0AnjED7K2Af+EU6QjkDI7giUvHdB95
=vpQx
-----END PGP SIGNATURE-----

--qM81t570OJUP5TU/--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру