FKIE_CVE-2013-0288
Vulnerability from fkie_nvd - Published: 2013-03-05 21:38 - Updated: 2025-04-11 00:51
Severity ?
Summary
nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8A0F0A1-22BF-49ED-A30B-73B8CDE944FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8339A42-2F47-49ED-BEBA-D3FB979019D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD7177E-DB13-42FE-A9E8-B5EBDFD7BEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "27FC4C3C-81EE-4AF4-BBFE-81DAD891AD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEEC0FF-FA8A-4FF1-AD32-3EFDFDC8BFC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "84738050-FD3C-471B-91C3-BE1A081F4992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EA772BA6-C7D5-4D3A-89F7-67F76431DC85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F586048F-2C4D-4EDF-95EA-4AE8B856429B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B13CF6FE-E668-4A23-BB5F-92B8EB99D580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCEDFCE-16BB-4E09-9989-0029E9218D6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F228803F-F3C5-4EAB-8F0A-EC87936E02C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282CB342-5F1B-4610-9B20-E7D0350169AB",
"versionEndIncluding": "0.7.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5C5217-5A15-4214-8565-8772C7CE77E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E25F464-7D12-459E-94F6-79737AC5236D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5260A9F7-2D44-4B6F-9400-84BFF184AA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "735C6629-0A0A-4410-B983-6D2BD838BD47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8F18D3-17CB-404D-86DC-EAB6ED06FD63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23D83B1A-5064-4EB0-9FE4-00F8FF009777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "82420B2C-3642-4F11-A0AA-9E125F14CE27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "932005E5-BDDD-4985-812C-9894C2299C34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F57C39F-6CBC-4BB5-AE17-347D033DAB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "053019E4-D2D2-4688-AAC2-D2BD44CF8A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFCE672-616D-447C-8037-8601D2F9AEB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6807CA-E391-4AF1-9517-ADA1DF3F9A9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B260B1-9532-4588-9D1F-420FB03AB86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5861165B-11B0-47A3-B523-02219F812427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8467A973-1C06-408F-8905-4A1685F1460C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA00A4F-BCA4-4D85-843C-A8F541DE0430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22D4E112-66E6-4679-A471-11182C96A1E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "457362A3-CF56-4BBF-8FC4-78CA65D10394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "118E6469-682A-4AF6-9D68-94052CE9D2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "44DCA5C8-BED1-49EF-B977-C1FBE199CC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "75568060-1855-401F-AA57-D8181594743A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8F13B3AF-6534-4D1E-82BC-955F2811E69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "88331004-3E43-41CB-9F75-EE2E66B40F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4B0B59-3F0A-4445-9B1E-7D2BE55A2893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58B99408-3AEB-493A-A8ED-FF58279D3689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B605D9E-E966-4734-8482-3647D6B5FF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F13252A-4EC1-48D2-8CDF-7EBCA0E1E534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "09ABEA75-3C4D-4A0A-968C-399278503F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC556A00-652E-474A-ABA2-117898DC8ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF32F990-1B4B-4BFC-9DB5-11B5B988E842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C838B4FC-8F8F-4982-87C7-E8FAC23F349A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "147049EC-BE86-42B5-881A-307895551304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9875EA63-CA67-436A-B637-E8F6A526517C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4238362D-B5AF-42F3-9587-FB803AFF3C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5C6441-E75A-400F-B7B0-A3E5843A3EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "21CCE081-0AA2-44DC-A91B-8B32BC156758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F9B185-5A72-41E0-A6EE-DEC388B8953E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDDBAEE-D343-42ED-84BA-4CBE1042A78B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "07A8A3A9-F56C-4928-8DB2-20E938780DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F38DBC33-6790-4641-9C49-40B30D387885",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro."
},
{
"lang": "es",
"value": "nss-pam-ldapd before v0.7.18 y v0.8.x anterior a v0.8.11 permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario realizando una b\u00fasqueda de nombre en una aplicaci\u00f3n con un gran n\u00famero de descriptores de archivos abiertos, lo cual provoca un desbordamiento de b\u00fafer basado en pila relacionada con el uso incorrecto de la macro \"FD_SET\"."
}
],
"id": "CVE-2013-0288",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-05T21:38:55.680",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81"
},
{
"source": "secalert@redhat.com",
"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32"
},
{
"source": "secalert@redhat.com",
"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b"
},
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2013/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00087.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00091.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0590.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/52212"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52242"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2628"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:106"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/18/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58007"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82175"
},
{
"source": "secalert@redhat.com",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2013/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00087.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0590.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/52212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0071"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…