CVE-2013-0288

{"id": "CVE-2013-0288", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-05T21:38:55.680", "references": [{"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81", "source": "secalert@redhat.com"}, {"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32", "source": "secalert@redhat.com"}, {"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b", "source": "secalert@redhat.com"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319", "source": "secalert@redhat.com"}, {"url": "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2013/msg00001.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00087.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00091.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0590.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/52212", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/52242", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2012/dsa-2628", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:106", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/18/2", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/58007", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82175", "source": "secalert@redhat.com"}, {"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0071", "source": "secalert@redhat.com"}, {"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2013/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00087.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00091.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0590.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/52212", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/52242", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2012/dsa-2628", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:106", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/18/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/58007", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82175", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0071", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro."}, {"lang": "es", "value": "nss-pam-ldapd before v0.7.18 y v0.8.x anterior a v0.8.11  permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario realizando una b\u00fasqueda de nombre en una aplicaci\u00f3n con un gran n\u00famero de descriptores de archivos abiertos, lo cual provoca un desbordamiento de b\u00fafer basado en pila relacionada con el uso incorrecto de la macro \"FD_SET\"."}], "lastModified": "2024-11-21T01:47:14.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8A0F0A1-22BF-49ED-A30B-73B8CDE944FD"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8339A42-2F47-49ED-BEBA-D3FB979019D8"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AD7177E-DB13-42FE-A9E8-B5EBDFD7BEA4"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27FC4C3C-81EE-4AF4-BBFE-81DAD891AD44"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DEEC0FF-FA8A-4FF1-AD32-3EFDFDC8BFC5"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84738050-FD3C-471B-91C3-BE1A081F4992"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA772BA6-C7D5-4D3A-89F7-67F76431DC85"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F586048F-2C4D-4EDF-95EA-4AE8B856429B"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B13CF6FE-E668-4A23-BB5F-92B8EB99D580"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CCEDFCE-16BB-4E09-9989-0029E9218D6C"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F228803F-F3C5-4EAB-8F0A-EC87936E02C3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "282CB342-5F1B-4610-9B20-E7D0350169AB", "versionEndIncluding": "0.7.17"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B5C5217-5A15-4214-8565-8772C7CE77E1"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E25F464-7D12-459E-94F6-79737AC5236D"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5260A9F7-2D44-4B6F-9400-84BFF184AA67"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "735C6629-0A0A-4410-B983-6D2BD838BD47"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C8F18D3-17CB-404D-86DC-EAB6ED06FD63"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23D83B1A-5064-4EB0-9FE4-00F8FF009777"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82420B2C-3642-4F11-A0AA-9E125F14CE27"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "932005E5-BDDD-4985-812C-9894C2299C34"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F57C39F-6CBC-4BB5-AE17-347D033DAB30"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "053019E4-D2D2-4688-AAC2-D2BD44CF8A9B"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FFCE672-616D-447C-8037-8601D2F9AEB9"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD6807CA-E391-4AF1-9517-ADA1DF3F9A9A"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6B260B1-9532-4588-9D1F-420FB03AB86D"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5861165B-11B0-47A3-B523-02219F812427"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8467A973-1C06-408F-8905-4A1685F1460C"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDA00A4F-BCA4-4D85-843C-A8F541DE0430"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22D4E112-66E6-4679-A471-11182C96A1E2"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "457362A3-CF56-4BBF-8FC4-78CA65D10394"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "118E6469-682A-4AF6-9D68-94052CE9D2CE"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44DCA5C8-BED1-49EF-B977-C1FBE199CC9E"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75568060-1855-401F-AA57-D8181594743A"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F13B3AF-6534-4D1E-82BC-955F2811E69C"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88331004-3E43-41CB-9F75-EE2E66B40F02"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C4B0B59-3F0A-4445-9B1E-7D2BE55A2893"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58B99408-3AEB-493A-A8ED-FF58279D3689"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B605D9E-E966-4734-8482-3647D6B5FF8A"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F13252A-4EC1-48D2-8CDF-7EBCA0E1E534"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09ABEA75-3C4D-4A0A-968C-399278503F03"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC556A00-652E-474A-ABA2-117898DC8ADB"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF32F990-1B4B-4BFC-9DB5-11B5B988E842"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C838B4FC-8F8F-4982-87C7-E8FAC23F349A"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "147049EC-BE86-42B5-881A-307895551304"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9875EA63-CA67-436A-B637-E8F6A526517C"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4238362D-B5AF-42F3-9587-FB803AFF3C79"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A5C6441-E75A-400F-B7B0-A3E5843A3EC3"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21CCE081-0AA2-44DC-A91B-8B32BC156758"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1F9B185-5A72-41E0-A6EE-DEC388B8953E"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEDDBAEE-D343-42ED-84BA-4CBE1042A78B"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07A8A3A9-F56C-4928-8DB2-20E938780DB9"}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F38DBC33-6790-4641-9C49-40B30D387885"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}