{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288"}, {"name": "RHSA-2013:0590", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0590.html"}, {"name": "58007", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/58007"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319"}, {"name": "DSA-2628", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2628"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81"}, {"name": "[oss-security] 20130218 CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/18/2"}, {"name": "FEDORA-2013-2754", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html"}, {"name": "52212", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52212"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b"}, {"name": "52242", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52242"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32"}, {"name": "MDVSA-2013:106", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:106"}, {"name": "[nss-pam-ldapd-announce] 20130218 nss-pam-ldapd security advisory (CVE-2013-0288)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2013/msg00001.html"}, {"name": "nsspamldapd-fdsetsize-bo(82175)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82175"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0071"}, {"name": "openSUSE-SU-2013:0522", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00087.html"}, {"name": "openSUSE-SU-2013:0524", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00091.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0288", "datePublished": "2013-03-04T21:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8A0F0A1-22BF-49ED-A30B-73B8CDE944FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8339A42-2F47-49ED-BEBA-D3FB979019D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1AD7177E-DB13-42FE-A9E8-B5EBDFD7BEA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "27FC4C3C-81EE-4AF4-BBFE-81DAD891AD44", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "7DEEC0FF-FA8A-4FF1-AD32-3EFDFDC8BFC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "84738050-FD3C-471B-91C3-BE1A081F4992", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "EA772BA6-C7D5-4D3A-89F7-67F76431DC85", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "F586048F-2C4D-4EDF-95EA-4AE8B856429B", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "B13CF6FE-E668-4A23-BB5F-92B8EB99D580", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "9CCEDFCE-16BB-4E09-9989-0029E9218D6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "F228803F-F3C5-4EAB-8F0A-EC87936E02C3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:*:*:*:*:*:*:*:*", "matchCriteriaId": "282CB342-5F1B-4610-9B20-E7D0350169AB", "versionEndIncluding": "0.7.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B5C5217-5A15-4214-8565-8772C7CE77E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E25F464-7D12-459E-94F6-79737AC5236D", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5260A9F7-2D44-4B6F-9400-84BFF184AA67", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "735C6629-0A0A-4410-B983-6D2BD838BD47", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8C8F18D3-17CB-404D-86DC-EAB6ED06FD63", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "23D83B1A-5064-4EB0-9FE4-00F8FF009777", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "82420B2C-3642-4F11-A0AA-9E125F14CE27", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "932005E5-BDDD-4985-812C-9894C2299C34", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F57C39F-6CBC-4BB5-AE17-347D033DAB30", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "053019E4-D2D2-4688-AAC2-D2BD44CF8A9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FFCE672-616D-447C-8037-8601D2F9AEB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "AD6807CA-E391-4AF1-9517-ADA1DF3F9A9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6B260B1-9532-4588-9D1F-420FB03AB86D", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "5861165B-11B0-47A3-B523-02219F812427", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "8467A973-1C06-408F-8905-4A1685F1460C", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "CDA00A4F-BCA4-4D85-843C-A8F541DE0430", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "22D4E112-66E6-4679-A471-11182C96A1E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "457362A3-CF56-4BBF-8FC4-78CA65D10394", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "118E6469-682A-4AF6-9D68-94052CE9D2CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "44DCA5C8-BED1-49EF-B977-C1FBE199CC9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "75568060-1855-401F-AA57-D8181594743A", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "8F13B3AF-6534-4D1E-82BC-955F2811E69C", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "88331004-3E43-41CB-9F75-EE2E66B40F02", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C4B0B59-3F0A-4445-9B1E-7D2BE55A2893", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "58B99408-3AEB-493A-A8ED-FF58279D3689", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B605D9E-E966-4734-8482-3647D6B5FF8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "8F13252A-4EC1-48D2-8CDF-7EBCA0E1E534", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "09ABEA75-3C4D-4A0A-968C-399278503F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "EC556A00-652E-474A-ABA2-117898DC8ADB", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "AF32F990-1B4B-4BFC-9DB5-11B5B988E842", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "C838B4FC-8F8F-4982-87C7-E8FAC23F349A", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "147049EC-BE86-42B5-881A-307895551304", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "9875EA63-CA67-436A-B637-E8F6A526517C", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "4238362D-B5AF-42F3-9587-FB803AFF3C79", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "1A5C6441-E75A-400F-B7B0-A3E5843A3EC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "21CCE081-0AA2-44DC-A91B-8B32BC156758", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "E1F9B185-5A72-41E0-A6EE-DEC388B8953E", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "BEDDBAEE-D343-42ED-84BA-4CBE1042A78B", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "07A8A3A9-F56C-4928-8DB2-20E938780DB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:arthurdejong:nss-pam-ldapd:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "F38DBC33-6790-4641-9C49-40B30D387885", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro."}, {"lang": "es", "value": "nss-pam-ldapd before v0.7.18 y v0.8.x anterior a v0.8.11 permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario realizando una b\u00fasqueda de nombre en una aplicaci\u00f3n con un gran n\u00famero de descriptores de archivos abiertos, lo cual provoca un desbordamiento de b\u00fafer basado en pila relacionada con el uso incorrecto de la macro \"FD_SET\"."}], "id": "CVE-2013-0288", "lastModified": "2023-02-13T04:41:03.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-05T21:38:55.680", "references": [{"source": "secalert@redhat.com", "url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81"}, {"source": "secalert@redhat.com", "url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32"}, {"source": "secalert@redhat.com", "url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b"}, {"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319"}, {"source": "secalert@redhat.com", "url": "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2013/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00087.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00091.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0590.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/52212"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52242"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2628"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:106"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/02/18/2"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/58007"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82175"}, {"source": "secalert@redhat.com", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0071"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}