7.158. nss-pam-ldapd

Updated nss-pam-ldapd packages that fix three bugs are now available for Red Hat Enterprise Linux 6.
The nss-pam-ldapd packages provides the nss-pam-ldapd daemon (nslcd), which uses a directory server to look up name service information on behalf of a lightweight nsswitch module.

Bug Fixes

BZ#747281
Prior to this update, the disconnect logic contained a misprint and a failure return value was missing. This update corrects the misprint and adds the missing return value.
BZ#769289
Prior to this update, the nslcd daemon performed the idle time expiration check for the LDAP connection before starting an LDAP search operation. On a lossy network or if the LDAP server was under a heavy load, the connection could time out after the successful check and the search operation then failed. With this update, the idle time expiration test is now performed during the LDAP search operation so that the connection now no longer expires under these circumstances.
BZ#791042
Prior to this update, when the nslcd daemon requested access to a large group, a buffer provided by the glibc library could not contain such a group and retried again with a larger buffer to process the operation successfully. As a consequence, redundant error messages were logged in the /var/log/message file. This update makes sure that even when glibc provides a buffer that is too small on first attempt in the described scenario, no redundant error messages are returned.
All users of nss-pam-ldapd are advised to upgrade to these updated packages, which fix these bugs.
Updated nss-pam-ldapd packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link associated with the description below.
The nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd), which uses a directory server to lookup name service information on behalf of a lightweight nsswitch module.

Security Fix

CVE-2013-0288
An array index error, leading to a stack-based buffer overflow flaw, was found in the way nss-pam-ldapd managed open file descriptors. An attacker able to make a process have a large number of open file descriptors and perform name lookups could use this flaw to cause the process to crash or, potentially, execute arbitrary code with the privileges of the user running the process.
Red Hat would like to thank Garth Mollett for reporting this issue.
All users of nss-pam-ldapd are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.