发布日期：2002-11-08
更新日期：2002-11-14

受影响系统：

Padl Software nss_ldap Build 194
Padl Software nss_ldap Build 192
Padl Software nss_ldap Build 191
Padl Software nss_ldap Build 190
Padl Software nss_ldap Build 189
Padl Software nss_ldap Build 188
Padl Software nss_ldap Build 187
Padl Software nss_ldap Build 186
Padl Software nss_ldap Build 185.3
Padl Software nss_ldap Build 185.2
Padl Software nss_ldap Build 185.1
Padl Software nss_ldap Build 185
Padl Software nss_ldap Build 184
Padl Software nss_ldap Build 183
Padl Software nss_ldap Build 181
Padl Software nss_ldap Build 180
Padl Software nss_ldap Build 173
Padl Software nss_ldap Build 122
Padl Software nss_ldap Build 121
Padl Software nss_ldap Build 113
Padl Software nss_ldap Build 105
Padl Software nss_ldap Build 107
    - Mandrake Linux 7.2
    - Mandrake Linux 7.1
    - Mandrake Linux 7.0
Padl Software nss_ldap Build 85
    - RedHat Linux 6.1 x86
    - RedHat Linux 6.1 sparc
    - RedHat Linux 6.1 alpha

不受影响系统：

Padl Software nss_ldap Build 202
Padl Software nss_ldap Build 199
Padl Software nss_ldap Build 198

描述：

---

BUGTRAQ  ID: 6129
CVE(CAN) ID: CVE-2002-0825

nss_ldap模块用于与LDAP服务器通信，可以查询和处理主机用户，用户组等信息的程序。

nss_ldap模块在部分配置条件下把DNS服务器返回的数据拷贝到缓冲区时缺少正确检查，远程攻击者可以利用这个漏洞通过构建恶意DNS应答，而进行缓冲区溢出攻击。

当nss_ldap对"host"参数配置成没有任何值的情况下，nss_ldap会尝试使用SRV DNS记录设置。在处理从DNS服务器返回的数据，拷贝其到内部缓冲区之前没有进行正确的长度检查。如果返回的数据超长，就会发生缓冲区溢出。攻击者如果控制DNS服务器或者发送伪造DNS应答都可能以nss_ldap进程的权限在系统上执行任意指令。

<*来源：MandrakeSoft
  
  链接：http://www.linux-mandrake.com/en/security/2002/2002-075.php
*>

建议：

---

临时解决方法：

如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁：

* 在nss_ldap配置文件"/etc/ldap.conf"中对"host"关键词设置值。

厂商补丁：

MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告（MDKSA-2002:075）以及相应补丁:
MDKSA-2002:075：nss_ldap update
链接：http://www.linux-mandrake.com/en/security/2002/2002-075.php

补丁下载：

Updated Packages:

Linux-Mandrake 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/nss_ldap-202-1.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/nss_ldap-202-1.2mdk.src.rpm

Mandrake Linux 8.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/nss_ldap-202-1.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/nss_ldap-202-1.2mdk.src.rpm

Mandrake Linux 8.0/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/nss_ldap-202-1.2mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/SRPMS/nss_ldap-202-1.2mdk.src.rpm

Mandrake Linux 8.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/nss_ldap-202-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/pam_ldap-156-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/nss_ldap-202-1.1mdk.src.rpm

Mandrake Linux 8.1/IA64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/nss_ldap-202-1.1mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/pam_ldap-156-1.1mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/SRPMS/nss_ldap-202-1.1mdk.src.rpm

Mandrake Linux 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/nss_ldap-202-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/pam_ldap-156-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/nss_ldap-202-1.1mdk.src.rpm

Mandrake Linux 8.2/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/nss_ldap-202-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/pam_ldap-156-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/SRPMS/nss_ldap-202-1.1mdk.src.rpm

Mandrake Linux 9.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/nss_ldap-202-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/pam_ldap-156-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/nss_ldap-202-1.1mdk.src.rpm

Single Network Firewall 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/RPMS/nss_ldap-202-1.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/SRPMS/nss_ldap-202-1.2mdk.src.rpm

上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载：
http://www.mandrakesecure.net/en/ftp.php

浏览次数：4812
严重程度：0（网友投票）