Date: Tue, 10 Dec 2002 17:08:02 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV
--qM81t570OJUP5TU/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: buffer overflow in nss_ldap DNS SRV
Advisory number: CSSA-2002-058.0
Issue date: 2002 December 10
Cross reference:
______________________________________________________________________________
1. Problem Description
A buffer overflow in the DNS SRV code for nss_ldap allows remote
attackers to cause a denial of service and possibly execute
arbitrary code.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to nss_ldap-172-5.i386.rpm
OpenLinux 3.1.1 Workstation prior to nss_ldap-172-5.i386.rpm
OpenLinux 3.1 Server prior to nss_ldap-172-5.i386.rpm
OpenLinux 3.1 Workstation prior to nss_ldap-172-5.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/RPMS
4.2 Packages
2f9e141ceaae799721272590043e524d nss_ldap-172-5.i386.rpm
4.3 Installation
rpm -Fvh nss_ldap-172-5.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/SRPMS
4.5 Source Packages
b35831284c0413d2e86e450297ba615f nss_ldap-172-5.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-058.0/RPMS
5.2 Packages
a1089ea16a2e35d6a54b5f2256be190f nss_ldap-172-5.i386.rpm
5.3 Installation
rpm -Fvh nss_ldap-172-5.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-058.0/SRPMS
5.5 Source Packages
4a6d0418890bcaf45ab6c6c5e8e17d3b nss_ldap-172-5.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/RPMS
6.2 Packages
bd1286f5e243e8001d32c21ec1eeb7b0 nss_ldap-172-5.i386.rpm
6.3 Installation
rpm -Fvh nss_ldap-172-5.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/SRPMS
6.5 Source Packages
3318607550f33f8c0c8902cd6bfc2b81 nss_ldap-172-5.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/RPMS
7.2 Packages
b60910e2d16a23f6842c534fe6516027 nss_ldap-172-5.i386.rpm
7.3 Installation
rpm -Fvh nss_ldap-172-5.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/SRPMS
7.5 Source Packages
30aae498b3ebef5a791219eb2fb80c98 nss_ldap-172-5.src.rpm
8. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0825
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr870483, fz526358,
erg712144.
9. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________
--qM81t570OJUP5TU/
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj32j/IACgkQbluZssSXDTFgnwCdHUs6E2bcuhmcG01F1hC01SAL
Ye0AnjED7K2Af+EU6QjkDI7giUvHdB95
=vpQx
-----END PGP SIGNATURE-----
--qM81t570OJUP5TU/--
