{"cve": [{"lastseen": "2017-08-29T10:47:39", "bulletinFamily": "NVD", "description": "nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro.", "modified": "2017-08-28T21:33:01", "published": "2013-03-05T16:38:55", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0288", "id": "CVE-2013-0288", "title": "CVE-2013-0288", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:16:53", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2013:0590 :\n\nUpdated nss-pam-ldapd packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd),\nwhich uses a directory server to lookup name service information on\nbehalf of a lightweight nsswitch module.\n\nAn array index error, leading to a stack-based buffer overflow flaw,\nwas found in the way nss-pam-ldapd managed open file descriptors. An\nattacker able to make a process have a large number of open file\ndescriptors and perform name lookups could use this flaw to cause the\nprocess to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the process. (CVE-2013-0288)\n\nRed Hat would like to thank Garth Mollett for reporting this issue.\n\nAll users of nss-pam-ldapd are advised to upgrade to these updated\npackages, which contain a backported patch to fix this issue.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2013-0590.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68771", "title": "Oracle Linux 6 : nss-pam-ldapd (ELSA-2013-0590)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0590 and \n# Oracle Linux Security Advisory ELSA-2013-0590 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68771);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-0288\");\n script_bugtraq_id(58007);\n script_xref(name:\"RHSA\", value:\"2013:0590\");\n\n script_name(english:\"Oracle Linux 6 : nss-pam-ldapd (ELSA-2013-0590)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0590 :\n\nUpdated nss-pam-ldapd packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd),\nwhich uses a directory server to lookup name service information on\nbehalf of a lightweight nsswitch module.\n\nAn array index error, leading to a stack-based buffer overflow flaw,\nwas found in the way nss-pam-ldapd managed open file descriptors. An\nattacker able to make a process have a large number of open file\ndescriptors and perform name lookups could use this flaw to cause the\nprocess to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the process. (CVE-2013-0288)\n\nRed Hat would like to thank Garth Mollett for reporting this issue.\n\nAll users of nss-pam-ldapd are advised to upgrade to these updated\npackages, which contain a backported patch to fix this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003324.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss-pam-ldapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-pam-ldapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"nss-pam-ldapd-0.7.5-18.1.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss-pam-ldapd\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:15:50", "bulletinFamily": "scanner", "description": "Updated nss-pam-ldapd packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd),\nwhich uses a directory server to lookup name service information on\nbehalf of a lightweight nsswitch module.\n\nAn array index error, leading to a stack-based buffer overflow flaw,\nwas found in the way nss-pam-ldapd managed open file descriptors. An\nattacker able to make a process have a large number of open file\ndescriptors and perform name lookups could use this flaw to cause the\nprocess to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the process. (CVE-2013-0288)\n\nRed Hat would like to thank Garth Mollett for reporting this issue.\n\nAll users of nss-pam-ldapd are advised to upgrade to these updated\npackages, which contain a backported patch to fix this issue.", "modified": "2018-11-10T00:00:00", "published": "2013-03-10T00:00:00", "id": "CENTOS_RHSA-2013-0590.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65161", "title": "CentOS 6 : nss-pam-ldapd (CESA-2013:0590)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0590 and \n# CentOS Errata and Security Advisory 2013:0590 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65161);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-0288\");\n script_bugtraq_id(58007);\n script_xref(name:\"RHSA\", value:\"2013:0590\");\n\n script_name(english:\"CentOS 6 : nss-pam-ldapd (CESA-2013:0590)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated nss-pam-ldapd packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd),\nwhich uses a directory server to lookup name service information on\nbehalf of a lightweight nsswitch module.\n\nAn array index error, leading to a stack-based buffer overflow flaw,\nwas found in the way nss-pam-ldapd managed open file descriptors. An\nattacker able to make a process have a large number of open file\ndescriptors and perform name lookups could use this flaw to cause the\nprocess to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the process. (CVE-2013-0288)\n\nRed Hat would like to thank Garth Mollett for reporting this issue.\n\nAll users of nss-pam-ldapd are advised to upgrade to these updated\npackages, which contain a backported patch to fix this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019628.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?469aa863\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-March/000816.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45be22be\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss-pam-ldapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-pam-ldapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-pam-ldapd-0.7.5-18.1.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:01", "bulletinFamily": "scanner", "description": "Updated nss-pam-ldapd packages fixes the following security\nvulnerability :\n\nGarth Mollett discovered that a file descriptor overflow issue in the\nuse of FD_SET() in nss-pam-ldapd can lead to a stack-based buffer\noverflow. An attacker could, under some circumstances, use this flaw\nto cause a process that has the NSS or PAM module loaded to crash or\npotentially execute arbitrary code.\n\nThe issue can be triggered in a network daemon by opening a large\nnumber of connections and forcing a name lookup. This would result in\na crash and possibly remote code execution. This issue may also allow\nlocal privilege escalation if a suid program does name lookups and\ndoesn't close file descriptors inherited from the parent process\n(CVE-2013-0288).", "modified": "2018-07-19T00:00:00", "published": "2013-04-20T00:00:00", "id": "MANDRIVA_MDVSA-2013-106.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66118", "title": "Mandriva Linux Security Advisory : nss-pam-ldapd (MDVSA-2013:106)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:106. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66118);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2013-0288\");\n script_bugtraq_id(58007);\n script_xref(name:\"MDVSA\", value:\"2013:106\");\n script_xref(name:\"MGASA\", value:\"2013-0071\");\n\n script_name(english:\"Mandriva Linux Security Advisory : nss-pam-ldapd (MDVSA-2013:106)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated nss-pam-ldapd packages fixes the following security\nvulnerability :\n\nGarth Mollett discovered that a file descriptor overflow issue in the\nuse of FD_SET() in nss-pam-ldapd can lead to a stack-based buffer\noverflow. An attacker could, under some circumstances, use this flaw\nto cause a process that has the NSS or PAM module loaded to crash or\npotentially execute arbitrary code.\n\nThe issue can be triggered in a network daemon by opening a large\nnumber of connections and forcing a name lookup. This would result in\na crash and possibly remote code execution. This issue may also allow\nlocal privilege escalation if a suid program does name lookups and\ndoesn't close file descriptors inherited from the parent process\n(CVE-2013-0288).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss-pam-ldapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss-pam-ldapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"nss-pam-ldapd-0.8.6-4.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:15:40", "bulletinFamily": "scanner", "description": "Garth Mollett discovered that a file descriptor overflow issue in the\nuse of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules\nfor using LDAP as a naming service, can lead to a stack-based buffer\noverflow. An attacker could, under some circumstances, use this flaw\nto cause a process that has the NSS or PAM module loaded to crash or\npotentially execute arbitrary code.", "modified": "2018-11-10T00:00:00", "published": "2013-02-19T00:00:00", "id": "DEBIAN_DSA-2628.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64671", "title": "Debian DSA-2628-1 : nss-pam-ldapd - buffer overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2628. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64671);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2013-0288\");\n script_bugtraq_id(58007);\n script_xref(name:\"DSA\", value:\"2628\");\n\n script_name(english:\"Debian DSA-2628-1 : nss-pam-ldapd - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Garth Mollett discovered that a file descriptor overflow issue in the\nuse of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules\nfor using LDAP as a naming service, can lead to a stack-based buffer\noverflow. An attacker could, under some circumstances, use this flaw\nto cause a process that has the NSS or PAM module loaded to crash or\npotentially execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/nss-pam-ldapd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2628\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the nss-pam-ldapd packages.\n\nFor the stable distribution (squeeze) this problem has been fixed in\nversion 0.7.15+squeeze4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nss-pam-ldapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libnss-ldapd\", reference:\"0.7.15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpam-ldapd\", reference:\"0.7.15+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"nslcd\", reference:\"0.7.15+squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:15:47", "bulletinFamily": "scanner", "description": "Updated nss-pam-ldapd packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd),\nwhich uses a directory server to lookup name service information on\nbehalf of a lightweight nsswitch module.\n\nAn array index error, leading to a stack-based buffer overflow flaw,\nwas found in the way nss-pam-ldapd managed open file descriptors. An\nattacker able to make a process have a large number of open file\ndescriptors and perform name lookups could use this flaw to cause the\nprocess to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the process. (CVE-2013-0288)\n\nRed Hat would like to thank Garth Mollett for reporting this issue.\n\nAll users of nss-pam-ldapd are advised to upgrade to these updated\npackages, which contain a backported patch to fix this issue.", "modified": "2018-11-10T00:00:00", "published": "2013-03-05T00:00:00", "id": "REDHAT-RHSA-2013-0590.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65007", "title": "RHEL 6 : nss-pam-ldapd (RHSA-2013:0590)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0590. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65007);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2013-0288\");\n script_bugtraq_id(58007);\n script_xref(name:\"RHSA\", value:\"2013:0590\");\n\n script_name(english:\"RHEL 6 : nss-pam-ldapd (RHSA-2013:0590)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated nss-pam-ldapd packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd),\nwhich uses a directory server to lookup name service information on\nbehalf of a lightweight nsswitch module.\n\nAn array index error, leading to a stack-based buffer overflow flaw,\nwas found in the way nss-pam-ldapd managed open file descriptors. An\nattacker able to make a process have a large number of open file\ndescriptors and perform name lookups could use this flaw to cause the\nprocess to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the process. (CVE-2013-0288)\n\nRed Hat would like to thank Garth Mollett for reporting this issue.\n\nAll users of nss-pam-ldapd are advised to upgrade to these updated\npackages, which contain a backported patch to fix this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0288\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected nss-pam-ldapd and / or nss-pam-ldapd-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-pam-ldapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-pam-ldapd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0590\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"nss-pam-ldapd-0.7.5-18.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss-pam-ldapd / nss-pam-ldapd-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:15:46", "bulletinFamily": "scanner", "description": "Fixes: CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading\nto stack-based buffer overflow\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2016-05-09T00:00:00", "published": "2013-03-01T00:00:00", "id": "FEDORA_2013-2754.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64940", "title": "Fedora 17 : nss-pam-ldapd-0.7.16-3.fc17 (2013-2754)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-2754.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64940);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/05/09 15:36:32 $\");\n\n script_cve_id(\"CVE-2013-0288\");\n script_bugtraq_id(58007);\n script_xref(name:\"FEDORA\", value:\"2013-2754\");\n\n script_name(english:\"Fedora 17 : nss-pam-ldapd-0.7.16-3.fc17 (2013-2754)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes: CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading\nto stack-based buffer overflow\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=909119\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?044bb851\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss-pam-ldapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nss-pam-ldapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"nss-pam-ldapd-0.7.16-3.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss-pam-ldapd\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:15:47", "bulletinFamily": "scanner", "description": "An array index error, leading to a stack-based buffer overflow flaw,\nwas found in the way nss-pam-ldapd managed open file descriptors. An\nattacker able to make a process have a large number of open file\ndescriptors and perform name lookups could use this flaw to cause the\nprocess to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the process. (CVE-2013-0288)", "modified": "2018-12-31T00:00:00", "published": "2013-03-05T00:00:00", "id": "SL_20130304_NSS_PAM_LDAPD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65020", "title": "Scientific Linux Security Update : nss-pam-ldapd on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65020);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2013-0288\");\n\n script_name(english:\"Scientific Linux Security Update : nss-pam-ldapd on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An array index error, leading to a stack-based buffer overflow flaw,\nwas found in the way nss-pam-ldapd managed open file descriptors. An\nattacker able to make a process have a large number of open file\ndescriptors and perform name lookups could use this flaw to cause the\nprocess to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the process. (CVE-2013-0288)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=1547\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00fe2927\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected nss-pam-ldapd and / or nss-pam-ldapd-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"nss-pam-ldapd-0.7.5-18.1.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:15:42", "bulletinFamily": "scanner", "description": "Garth Mollett reports :\n\nA file descriptor overflow issue in the use of FD_SET() in\nnss-pam-ldapd can lead to a stack-based buffer overflow. An attacker\ncould, under some circumstances, use this flaw to cause a process that\nhas the NSS or PAM module loaded to crash or potentially execute\narbitrary code.", "modified": "2018-11-10T00:00:00", "published": "2013-02-21T00:00:00", "id": "FREEBSD_PKG_58C152927B6111E295DA001E8C1A8A0E.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64743", "title": "FreeBSD : nss-pam-ldapd -- file descriptor buffer overflow (58c15292-7b61-11e2-95da-001e8c1a8a0e)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64743);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2013-0288\");\n\n script_name(english:\"FreeBSD : nss-pam-ldapd -- file descriptor buffer overflow (58c15292-7b61-11e2-95da-001e8c1a8a0e)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Garth Mollett reports :\n\nA file descriptor overflow issue in the use of FD_SET() in\nnss-pam-ldapd can lead to a stack-based buffer overflow. An attacker\ncould, under some circumstances, use this flaw to cause a process that\nhas the NSS or PAM module loaded to crash or potentially execute\narbitrary code.\"\n );\n # https://vuxml.freebsd.org/freebsd/58c15292-7b61-11e2-95da-001e8c1a8a0e.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aeea2f16\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nss-pam-ldapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"nss-pam-ldapd<0.8.12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:04", "bulletinFamily": "unix", "description": "The nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd), which\nuses a directory server to lookup name service information on behalf of a\nlightweight nsswitch module.\n\nAn array index error, leading to a stack-based buffer overflow flaw, was\nfound in the way nss-pam-ldapd managed open file descriptors. An attacker\nable to make a process have a large number of open file descriptors and\nperform name lookups could use this flaw to cause the process to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe process. (CVE-2013-0288)\n\nRed Hat would like to thank Garth Mollett for reporting this issue.\n\nAll users of nss-pam-ldapd are advised to upgrade to these updated\npackages, which contain a backported patch to fix this issue.\n", "modified": "2018-06-06T20:24:21", "published": "2013-03-04T05:00:00", "id": "RHSA-2013:0590", "href": "https://access.redhat.com/errata/RHSA-2013:0590", "type": "redhat", "title": "(RHSA-2013:0590) Important: nss-pam-ldapd security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-19T15:08:43", "bulletinFamily": "scanner", "description": "Check for the Version of nss-pam-ldapd", "modified": "2018-01-19T00:00:00", "published": "2013-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881638", "id": "OPENVAS:881638", "title": "CentOS Update for nss-pam-ldapd CESA-2013:0590 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss-pam-ldapd CESA-2013:0590 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd), which\n uses a directory server to lookup name service information on behalf of a\n lightweight nsswitch module.\n\n An array index error, leading to a stack-based buffer overflow flaw, was\n found in the way nss-pam-ldapd managed open file descriptors. An attacker\n able to make a process have a large number of open file descriptors and\n perform name lookups could use this flaw to cause the process to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the process. (CVE-2013-0288)\n \n Red Hat would like to thank Garth Mollett for reporting this issue.\n \n All users of nss-pam-ldapd are advised to upgrade to these updated\n packages, which contain a backported patch to fix this issue.\";\n\n\ntag_affected = \"nss-pam-ldapd on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019628.html\");\n script_id(881638);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:59:07 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2013-0288\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0590\");\n script_name(\"CentOS Update for nss-pam-ldapd CESA-2013:0590 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss-pam-ldapd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-pam-ldapd\", rpm:\"nss-pam-ldapd~0.7.5~18.1.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:10:17", "bulletinFamily": "scanner", "description": "Check for the Version of nss-pam-ldapd", "modified": "2018-01-22T00:00:00", "published": "2013-03-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870947", "id": "OPENVAS:870947", "title": "RedHat Update for nss-pam-ldapd RHSA-2013:0590-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss-pam-ldapd RHSA-2013:0590-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd), which\n uses a directory server to lookup name service information on behalf of a\n lightweight nsswitch module.\n\n An array index error, leading to a stack-based buffer overflow flaw, was\n found in the way nss-pam-ldapd managed open file descriptors. An attacker\n able to make a process have a large number of open file descriptors and\n perform name lookups could use this flaw to cause the process to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the process. (CVE-2013-0288)\n\n Red Hat would like to thank Garth Mollett for reporting this issue.\n\n All users of nss-pam-ldapd are advised to upgrade to these updated\n packages, which contain a backported patch to fix this issue.\";\n\n\ntag_affected = \"nss-pam-ldapd on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00004.html\");\n script_id(870947);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-05 09:42:53 +0530 (Tue, 05 Mar 2013)\");\n script_cve_id(\"CVE-2013-0288\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2013:0590-01\");\n script_name(\"RedHat Update for nss-pam-ldapd RHSA-2013:0590-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss-pam-ldapd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-pam-ldapd\", rpm:\"nss-pam-ldapd~0.7.5~18.1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pam-ldapd-debuginfo\", rpm:\"nss-pam-ldapd-debuginfo~0.7.5~18.1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:09:39", "bulletinFamily": "scanner", "description": "Check for the Version of nss-pam-ldapd", "modified": "2018-01-18T00:00:00", "published": "2013-03-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=865403", "id": "OPENVAS:865403", "title": "Fedora Update for nss-pam-ldapd FEDORA-2013-2754", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss-pam-ldapd FEDORA-2013-2754\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"nss-pam-ldapd on Fedora 17\";\ntag_insight = \"The nss-pam-ldapd daemon, nslcd, uses a directory server to look up name\n service information (users, groups, etc.) on behalf of a lightweight\n nsswitch module.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html\");\n script_id(865403);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-05 09:39:43 +0530 (Tue, 05 Mar 2013)\");\n script_cve_id(\"CVE-2013-0288\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-2754\");\n script_name(\"Fedora Update for nss-pam-ldapd FEDORA-2013-2754\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss-pam-ldapd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-pam-ldapd\", rpm:\"nss-pam-ldapd~0.7.16~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:52:11", "bulletinFamily": "scanner", "description": "Garth Mollett discovered that a file descriptor overflow issue in the\nuse of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for\nusing LDAP as a naming service, can lead to a stack-based buffer\noverflow. An attacker could, under some circumstances, use this flaw to\ncause a process that has the NSS or PAM module loaded to crash or\npotentially execute arbitrary code.", "modified": "2017-07-07T00:00:00", "published": "2013-06-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=892628", "id": "OPENVAS:892628", "title": "Debian Security Advisory DSA 2628-1 (nss-pam-ldapd - buffer overflow)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2628.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2628-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"nss-pam-ldapd on Debian Linux\";\ntag_insight = \"nss-pam-ldap provides a Name Service Switch module that allows your LDAP\nserver to provide user account, group, host name, alias, netgroup, and\nbasically any other information that you would normally get from /etc flat\nfiles or NIS.\";\ntag_solution = \"For the stable distribution (squeeze) this problem has been fixed in\nversion 0.7.15+squeeze4.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.8.10-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.10-3.\n\nWe recommend that you upgrade your nss-pam-ldapd packages.\";\ntag_summary = \"Garth Mollett discovered that a file descriptor overflow issue in the\nuse of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for\nusing LDAP as a naming service, can lead to a stack-based buffer\noverflow. An attacker could, under some circumstances, use this flaw to\ncause a process that has the NSS or PAM module loaded to crash or\npotentially execute arbitrary code.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892628);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-0288\");\n script_name(\"Debian Security Advisory DSA 2628-1 (nss-pam-ldapd - buffer overflow)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-06-18 00:00:00 +0200 (Tue, 18 Jun 2013)\");\n script_tag(name: \"cvss_base\", value:\"6.8\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2628.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnss-ldapd\", ver:\"0.7.15+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-ldapd\", ver:\"0.7.15+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nslcd\", ver:\"0.7.15+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-ldapd\", ver:\"0.8.10-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-ldapd\", ver:\"0.8.10-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nslcd\", ver:\"0.8.10-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:38", "bulletinFamily": "scanner", "description": "Check for the Version of nss-pam-ldapd", "modified": "2018-04-06T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:1361412562310881638", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881638", "title": "CentOS Update for nss-pam-ldapd CESA-2013:0590 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss-pam-ldapd CESA-2013:0590 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd), which\n uses a directory server to lookup name service information on behalf of a\n lightweight nsswitch module.\n\n An array index error, leading to a stack-based buffer overflow flaw, was\n found in the way nss-pam-ldapd managed open file descriptors. An attacker\n able to make a process have a large number of open file descriptors and\n perform name lookups could use this flaw to cause the process to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the process. (CVE-2013-0288)\n \n Red Hat would like to thank Garth Mollett for reporting this issue.\n \n All users of nss-pam-ldapd are advised to upgrade to these updated\n packages, which contain a backported patch to fix this issue.\";\n\n\ntag_affected = \"nss-pam-ldapd on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019628.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881638\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:59:07 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2013-0288\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0590\");\n script_name(\"CentOS Update for nss-pam-ldapd CESA-2013:0590 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss-pam-ldapd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-pam-ldapd\", rpm:\"nss-pam-ldapd~0.7.5~18.1.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:51", "bulletinFamily": "scanner", "description": "Check for the Version of nss-pam-ldapd", "modified": "2018-04-06T00:00:00", "published": "2013-03-05T00:00:00", "id": "OPENVAS:1361412562310865403", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865403", "title": "Fedora Update for nss-pam-ldapd FEDORA-2013-2754", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss-pam-ldapd FEDORA-2013-2754\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"nss-pam-ldapd on Fedora 17\";\ntag_insight = \"The nss-pam-ldapd daemon, nslcd, uses a directory server to look up name\n service information (users, groups, etc.) on behalf of a lightweight\n nsswitch module.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865403\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-05 09:39:43 +0530 (Tue, 05 Mar 2013)\");\n script_cve_id(\"CVE-2013-0288\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-2754\");\n script_name(\"Fedora Update for nss-pam-ldapd FEDORA-2013-2754\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss-pam-ldapd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-pam-ldapd\", rpm:\"nss-pam-ldapd~0.7.16~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:15:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-03-05T00:00:00", "id": "OPENVAS:1361412562310870947", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870947", "title": "RedHat Update for nss-pam-ldapd RHSA-2013:0590-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss-pam-ldapd RHSA-2013:0590-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00004.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870947\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-05 09:42:53 +0530 (Tue, 05 Mar 2013)\");\n script_cve_id(\"CVE-2013-0288\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2013:0590-01\");\n script_name(\"RedHat Update for nss-pam-ldapd RHSA-2013:0590-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss-pam-ldapd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"nss-pam-ldapd on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd), which\n uses a directory server to lookup name service information on behalf of a\n lightweight nsswitch module.\n\n An array index error, leading to a stack-based buffer overflow flaw, was\n found in the way nss-pam-ldapd managed open file descriptors. An attacker\n able to make a process have a large number of open file descriptors and\n perform name lookups could use this flaw to cause the process to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the process. (CVE-2013-0288)\n\n Red Hat would like to thank Garth Mollett for reporting this issue.\n\n All users of nss-pam-ldapd are advised to upgrade to these updated\n packages, which contain a backported patch to fix this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-pam-ldapd\", rpm:\"nss-pam-ldapd~0.7.5~18.1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pam-ldapd-debuginfo\", rpm:\"nss-pam-ldapd-debuginfo~0.7.5~18.1.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:42", "bulletinFamily": "scanner", "description": "Garth Mollett discovered that a file descriptor overflow issue in the\nuse of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for\nusing LDAP as a naming service, can lead to a stack-based buffer\noverflow. An attacker could, under some circumstances, use this flaw to\ncause a process that has the NSS or PAM module loaded to crash or\npotentially execute arbitrary code.", "modified": "2018-04-06T00:00:00", "published": "2013-06-18T00:00:00", "id": "OPENVAS:1361412562310892628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892628", "title": "Debian Security Advisory DSA 2628-1 (nss-pam-ldapd - buffer overflow)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2628.nasl 9353 2018-04-06 07:14:20Z cfischer $\n# Auto-generated from advisory DSA 2628-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"nss-pam-ldapd on Debian Linux\";\ntag_insight = \"nss-pam-ldap provides a Name Service Switch module that allows your LDAP\nserver to provide user account, group, host name, alias, netgroup, and\nbasically any other information that you would normally get from /etc flat\nfiles or NIS.\";\ntag_solution = \"For the stable distribution (squeeze) this problem has been fixed in\nversion 0.7.15+squeeze4.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.8.10-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.10-3.\n\nWe recommend that you upgrade your nss-pam-ldapd packages.\";\ntag_summary = \"Garth Mollett discovered that a file descriptor overflow issue in the\nuse of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for\nusing LDAP as a naming service, can lead to a stack-based buffer\noverflow. An attacker could, under some circumstances, use this flaw to\ncause a process that has the NSS or PAM module loaded to crash or\npotentially execute arbitrary code.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892628\");\n script_version(\"$Revision: 9353 $\");\n script_cve_id(\"CVE-2013-0288\");\n script_name(\"Debian Security Advisory DSA 2628-1 (nss-pam-ldapd - buffer overflow)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2013-06-18 00:00:00 +0200 (Tue, 18 Jun 2013)\");\n script_tag(name: \"cvss_base\", value:\"6.8\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2628.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnss-ldapd\", ver:\"0.7.15+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-ldapd\", ver:\"0.7.15+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nslcd\", ver:\"0.7.15+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-ldapd\", ver:\"0.8.10-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-ldapd\", ver:\"0.8.10-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nslcd\", ver:\"0.8.10-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:23:55", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2013-0590", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123682", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123682", "title": "Oracle Linux Local Check: ELSA-2013-0590", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0590.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123682\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:11 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0590\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0590 - nss-pam-ldapd security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0590\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0590.html\");\n script_cve_id(\"CVE-2013-0288\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"nss-pam-ldapd\", rpm:\"nss-pam-ldapd~0.7.5~18.1.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:59", "bulletinFamily": "unix", "description": "\nGarth Mollett reports:\n\nA file descriptor overflow issue in the use of FD_SET()\n\t in nss-pam-ldapd can lead to a stack-based buffer overflow.\n\t An attacker could, under some circumstances, use this flaw\n\t to cause a process that has the NSS or PAM module loaded to\n\t crash or potentially execute arbitrary code.\n\n", "modified": "2013-02-18T00:00:00", "published": "2013-02-18T00:00:00", "id": "58C15292-7B61-11E2-95DA-001E8C1A8A0E", "href": "https://vuxml.freebsd.org/freebsd/58c15292-7b61-11e2-95da-001e8c1a8a0e.html", "title": "nss-pam-ldapd -- file descriptor buffer overflow", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:54", "bulletinFamily": "unix", "description": "[0.7.5-18.1]\n- Apply upstream r1926 to resolve FD_SET array index error\n- Resolves: rhbz#915361", "modified": "2013-03-04T00:00:00", "published": "2013-03-04T00:00:00", "id": "ELSA-2013-0590", "href": "http://linux.oracle.com/errata/ELSA-2013-0590.html", "title": "nss-pam-ldapd security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:12:50", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2628-2 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 18, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nss-pam-ldapd\nVulnerability : buffer overflow\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2013-0288\n\nThe security update DSA-2628 for nss-pam-ldapd failed to build on\nkfreebsd-amd64 and kfreebsd-i386. \n\nFor the oldstable distribution (squeeze) this problem has been fixed in\nversion 0.7.15+squeeze4.\n\nWe recommend that you upgrade your nss-pam-ldapd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-06-18T19:53:09", "published": "2013-06-18T19:53:09", "id": "DEBIAN:DSA-2628-2:95029", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00120.html", "title": "[SECURITY] [DSA 2628-2] nss-pam-ldapd update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:34", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2628-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 18, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nss-pam-ldapd\nVulnerability : buffer overflow\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2013-0288\nDebian Bug : 690319\n\nGarth Mollett discovered that a file descriptor overflow issue in the\nuse of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for\nusing LDAP as a naming service, can lead to a stack-based buffer\noverflow. An attacker could, under some circumstances, use this flaw to\ncause a process that has the NSS or PAM module loaded to crash or\npotentially execute arbitrary code.\n\nFor the stable distribution (squeeze) this problem has been fixed in\nversion 0.7.15+squeeze3.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.8.10-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.10-3.\n\nWe recommend that you upgrade your nss-pam-ldapd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-02-18T17:01:42", "published": "2013-02-18T17:01:42", "id": "DEBIAN:DSA-2628-1:F1A61", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00033.html", "title": "[SECURITY] [DSA 2628-1] nss-pam-ldapd security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:50", "bulletinFamily": "software", "description": "FD_SET() structure overflow", "modified": "2013-02-24T00:00:00", "published": "2013-02-24T00:00:00", "id": "SECURITYVULNS:VULN:12909", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12909", "title": "nss-pam-ldapd fd_set overflow", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2628-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nFebruary 18, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : nss-pam-ldapd\r\nVulnerability : buffer overflow\r\nProblem type : local (remote)\r\nDebian-specific: no\r\nCVE ID : CVE-2013-0288\r\nDebian Bug : 690319\r\n\r\nGarth Mollett discovered that a file descriptor overflow issue in the\r\nuse of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for\r\nusing LDAP as a naming service, can lead to a stack-based buffer\r\noverflow. An attacker could, under some circumstances, use this flaw to\r\ncause a process that has the NSS or PAM module loaded to crash or\r\npotentially execute arbitrary code.\r\n\r\nFor the stable distribution (squeeze) this problem has been fixed in\r\nversion 0.7.15+squeeze3.\r\n\r\nFor the testing distribution (wheezy), this problem has been fixed in\r\nversion 0.8.10-3.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 0.8.10-3.\r\n\r\nWe recommend that you upgrade your nss-pam-ldapd packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAlEiW7gACgkQXm3vHE4uyloWqwCcDZWJYLmupXkP8XOAhAY9825R\r\n5rMAoOA3R8aSGzI+t1PAbx1hoUqR5Hgg\r\n=/Twb\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-02-24T00:00:00", "published": "2013-02-24T00:00:00", "id": "SECURITYVULNS:DOC:29093", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29093", "title": "[SECURITY] [DSA 2628-1] nss-pam-ldapd security update", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2018-04-04T13:00:05", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:0590\n\n\nThe nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd), which\nuses a directory server to lookup name service information on behalf of a\nlightweight nsswitch module.\n\nAn array index error, leading to a stack-based buffer overflow flaw, was\nfound in the way nss-pam-ldapd managed open file descriptors. An attacker\nable to make a process have a large number of open file descriptors and\nperform name lookups could use this flaw to cause the process to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe process. (CVE-2013-0288)\n\nRed Hat would like to thank Garth Mollett for reporting this issue.\n\nAll users of nss-pam-ldapd are advised to upgrade to these updated\npackages, which contain a backported patch to fix this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-March/000816.html\n\n**Affected packages:**\nnss-pam-ldapd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0590.html", "modified": "2013-03-04T22:46:09", "published": "2013-03-04T22:46:09", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-March/000816.html", "id": "CESA-2013:0590", "title": "nss security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
