|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2002:075: nss_ldap Vulnerability Assessment Details
|
MDKSA-2002:075: nss_ldap |
||
Check for the version of the nss_ldap package Detailed Explanation for this Vulnerability Assessment The remote host is missing the patch for the advisory MDKSA-2002:075 (nss_ldap). A buffer overflow vulnerability exists in nss_ldap versions prior to 198. When nss_ldap is configured without a value for the 'host' keyword, it attempts to configure itself using SRV records stored in DNS. nss_ldap does not check that the data returned by the DNS query will fit into an internal buffer, thus exposing it to an overflow. A similar issue exists in versions of nss_ldap prior to 199 where nss_ldap does not check that the data returned by the DNS query has not been truncated by the resolver libraries to avoid a buffer overflow. This can make nss_ldap attempt to parse more data than what is actually available, making it vulnerable to a read buffer overflow. Finally, a format string bug in the logging function of pam_ldap prior to version 144 exist. All users are recommended to upgrade to these updated packages. Note that the nss_ldap packages for 7.2, 8.0, and Single Network Firewall 7.2 contain the pam_ldap modules. Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:075 Network Security Threat Level: High Networks Security ID: 4679 Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security |
||
Cables, Connectors |
Dell Poweredge R640 Server | 2x Xeon Gold 6132 | 128GB | H730P | 8x HDD Trays
$1849.00
DELL PowerEdge R730 Server 2x E5-2690v3 2.6GHz =24 Cores 32GB H730 4xRJ45
$274.00
Dell PowerEdge R620 Server 2x E5-2660 v1 2.2GHz 16 Cores 256GB RAM 2x 300GB HDD
$79.19
Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM 12x4TB
$510.00
Dell PowerEdge R730XD 28 Core Server 2X Xeon E5-2680 V4 H730 128GB RAM No HDD
$389.99
Dell PowerEdge R720 Server - 2x8c CPU,256Gb RAM, 128Gb SSD/3x900Gb SAS, Proxmox
$340.00
Dell PowerEdge R440 10-Bay Server | 2x Xeon Gold 6126 12Core CPU, 64GB PC4 RAM
$659.00
DELL POWEREDGE T430 SERVER W/ DUAL XEON E5-2609 CPU & 16GB MEMORY
$329.00
DELL PowerEdge R630 8SFF Server 2x E5-2690v4 2.6GHz =28 Cores 256GB H730 4xRJ45
$600.00
Dell Poweredge R730xd 2.5in 2x E5-2690 v3 2.6ghz 24-Cores 64gb H730 2x 750w
$289.99
|
||
No Discussions have been posted on this vulnerability. |