DSA-2628-1 nss-pam-ldapd -- buffer overflowID: oval:org.secpod.oval:def:600971 | Date: (C)2013-02-19 (M)2023-02-20 |
Class: PATCH | Family: unix |
Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code.