drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberläufe in nss_ldap
Name: |
Pufferüberläufe in nss_ldap
|
|
ID: |
CSSA-2002-058.0 |
|
Distribution: |
Caldera |
|
Plattformen: |
Caldera Server 3.1, Caldera Workstation 3.1, Caldera Server 3.1.1, Caldera Workstation 3.1.1 |
|
Datum: |
Mi, 11. Dezember 2002, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
nss_ldap |
|
Originalnachricht |
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: buffer overflow in nss_ldap DNS SRV Advisory number: CSSA-2002-058.0 Issue date: 2002 December 10 Cross reference: ______________________________________________________________________________
1. Problem Description
A buffer overflow in the DNS SRV code for nss_ldap allows remote attackers to cause a denial of service and possibly execute arbitrary code.
2. Vulnerable Supported Versions
System Package ----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to nss_ldap-172-5.i386.rpm
OpenLinux 3.1.1 Workstation prior to nss_ldap-172-5.i386.rpm
OpenLinux 3.1 Server prior to nss_ldap-172-5.i386.rpm
OpenLinux 3.1 Workstation prior to nss_ldap-172-5.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/RPMS
4.2 Packages
2f9e141ceaae799721272590043e524d nss_ldap-172-5.i386.rpm
4.3 Installation
rpm -Fvh nss_ldap-172-5.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/SRPMS
4.5 Source Packages
b35831284c0413d2e86e450297ba615f nss_ldap-172-5.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-058.0/RPMS
5.2 Packages
a1089ea16a2e35d6a54b5f2256be190f nss_ldap-172-5.i386.rpm
5.3 Installation
rpm -Fvh nss_ldap-172-5.i386.rpm
5.4 Source Package Location
SRPMS
5.5 Source Packages
4a6d0418890bcaf45ab6c6c5e8e17d3b nss_ldap-172-5.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/RPMS
6.2 Packages
bd1286f5e243e8001d32c21ec1eeb7b0 nss_ldap-172-5.i386.rpm
6.3 Installation
rpm -Fvh nss_ldap-172-5.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/SRPMS
6.5 Source Packages
3318607550f33f8c0c8902cd6bfc2b81 nss_ldap-172-5.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/RPMS
7.2 Packages
b60910e2d16a23f6842c534fe6516027 nss_ldap-172-5.i386.rpm
7.3 Installation
rpm -Fvh nss_ldap-172-5.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/SRPMS
7.5 Source Packages
30aae498b3ebef5a791219eb2fb80c98 nss_ldap-172-5.src.rpm
8. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0825
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr870483, fz526358, erg712144.
9. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.
______________________________________________________________________________
|
|
|
|