このコンテンツは選択した言語では利用できません。

7.158. nss-pam-ldapd


Updated nss-pam-ldapd packages that fix three bugs are now available for Red Hat Enterprise Linux 6.
The nss-pam-ldapd packages provides the nss-pam-ldapd daemon (nslcd), which uses a directory server to look up name service information on behalf of a lightweight nsswitch module.

Bug Fixes

BZ#747281
Prior to this update, the disconnect logic contained a misprint and a failure return value was missing. This update corrects the misprint and adds the missing return value.
BZ#769289
Prior to this update, the nslcd daemon performed the idle time expiration check for the LDAP connection before starting an LDAP search operation. On a lossy network or if the LDAP server was under a heavy load, the connection could time out after the successful check and the search operation then failed. With this update, the idle time expiration test is now performed during the LDAP search operation so that the connection now no longer expires under these circumstances.
BZ#791042
Prior to this update, when the nslcd daemon requested access to a large group, a buffer provided by the glibc library could not contain such a group and retried again with a larger buffer to process the operation successfully. As a consequence, redundant error messages were logged in the /var/log/message file. This update makes sure that even when glibc provides a buffer that is too small on first attempt in the described scenario, no redundant error messages are returned.
All users of nss-pam-ldapd are advised to upgrade to these updated packages, which fix these bugs.
Updated nss-pam-ldapd packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link associated with the description below.
The nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd), which uses a directory server to lookup name service information on behalf of a lightweight nsswitch module.

Security Fix

CVE-2013-0288
An array index error, leading to a stack-based buffer overflow flaw, was found in the way nss-pam-ldapd managed open file descriptors. An attacker able to make a process have a large number of open file descriptors and perform name lookups could use this flaw to cause the process to crash or, potentially, execute arbitrary code with the privileges of the user running the process.
Red Hat would like to thank Garth Mollett for reporting this issue.
All users of nss-pam-ldapd are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.
Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.