发布日期：2002-11-08
更新日期：2002-11-15

受影响系统：

Padl Software nss_ldap Build 194
Padl Software nss_ldap Build 192
Padl Software nss_ldap Build 191
Padl Software nss_ldap Build 190
Padl Software nss_ldap Build 189
Padl Software nss_ldap Build 188
Padl Software nss_ldap Build 187
Padl Software nss_ldap Build 186
Padl Software nss_ldap Build 185.3
Padl Software nss_ldap Build 185.2
Padl Software nss_ldap Build 185.1
Padl Software nss_ldap Build 185
Padl Software nss_ldap Build 184
Padl Software nss_ldap Build 183
Padl Software nss_ldap Build 181
Padl Software nss_ldap Build 180
Padl Software nss_ldap Build 173
Padl Software nss_ldap Build 122
Padl Software nss_ldap Build 121
Padl Software nss_ldap Build 113
Padl Software nss_ldap Build 105
Padl Software nss_ldap Build 107
    - Mandrake Linux 7.2
    - Mandrake Linux 7.1
    - Mandrake Linux 7.0
Padl Software nss_ldap Build 85
    - RedHat Linux 6.1 x86
    - RedHat Linux 6.1 sparc
    - RedHat Linux 6.1 alpha

不受影响系统：

Padl Software nss_ldap Build 202
Padl Software nss_ldap Build 199
Padl Software nss_ldap Build 198

描述：

---

BUGTRAQ  ID: 6130
CVE(CAN) ID: CVE-2002-0825

nss_ldap模块用于与LDAP服务器通信，可以查询和处理主机用户，用户组等信息的程序。

nss_ldap模块错误验证被截断的DNS查询应答，远程攻击者可以利用这个漏洞进行拒绝服务攻击。

nss_ldap没有正确检查由DNS查询返回而且被截断的应答数据，当处理截断的查询应答时可导致nss_ldap读取合法内存以外的地址，这将使nss_ldap崩溃，产生拒绝服务。看起来不能利用来执行任意指令，不过没有得到证实。

<*来源：MandrakeSoft
  
  链接：http://www.linux-mandrake.com/en/security/2002/2002-075.php
*>

建议：

---

厂商补丁：

MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告（MDKSA-2002:075）以及相应补丁:
MDKSA-2002:075：nss_ldap update
链接：http://www.linux-mandrake.com/en/security/2002/2002-075.php

补丁下载：

Updated Packages:

Linux-Mandrake 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/nss_ldap-202-1.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/nss_ldap-202-1.2mdk.src.rpm

Mandrake Linux 8.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/nss_ldap-202-1.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/nss_ldap-202-1.2mdk.src.rpm

Mandrake Linux 8.0/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/nss_ldap-202-1.2mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/SRPMS/nss_ldap-202-1.2mdk.src.rpm

Mandrake Linux 8.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/nss_ldap-202-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/pam_ldap-156-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/nss_ldap-202-1.1mdk.src.rpm

Mandrake Linux 8.1/IA64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/nss_ldap-202-1.1mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/pam_ldap-156-1.1mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/SRPMS/nss_ldap-202-1.1mdk.src.rpm

Mandrake Linux 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/nss_ldap-202-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/pam_ldap-156-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/nss_ldap-202-1.1mdk.src.rpm

Mandrake Linux 8.2/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/nss_ldap-202-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/pam_ldap-156-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/SRPMS/nss_ldap-202-1.1mdk.src.rpm

Mandrake Linux 9.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/nss_ldap-202-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/pam_ldap-156-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/nss_ldap-202-1.1mdk.src.rpm

Single Network Firewall 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/RPMS/nss_ldap-202-1.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/SRPMS/nss_ldap-202-1.2mdk.src.rpm

上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载：
http://www.mandrakesecure.net/en/ftp.php

浏览次数：3214
严重程度：0（网友投票）