Upstream information
Description
nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 6.8 |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
SUSE Security Advisories:
- openSUSE-SU-2013:0522-1, published Fri, 22 Mar 2013 21:04:49 +0100 (CET)
- openSUSE-SU-2013:0522-2, published Fri, 22 Mar 2013 22:04:41 +0100 (CET)
- openSUSE-SU-2013:0524-1, published Fri, 22 Mar 2013 23:04:49 +0100 (CET)
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 13:17:39 2013CVE page last modified: Mon Feb 13 11:40:30 2023