LDM Security Notices


xdr_array() vulnerability

The LDM might be vulnerable to an attack based on a particular implementation of the function xdr_array() in the XDR library. Information on this vulnerability may be found at http://www.cert.org/advisories/CA-2002-25.html.

The advisory at the above link also explains how to fix the vulnerability.

This vulnerability is mitigated by the following:

  1. Only sites that have ALLOW entries in your LDM configuration file can exploit this security hole.
  2. On UNIX systems (for which the LDM is designed) the remote LDM must be installed by the superuser to use the LDM's reserved port.

xdrmem_getbytes() vulnerability

The LDM might be vulnerable to an attack based on a particular implementation of the function xdrmem_getbytes() in the XDR library. Information on this vulnerability may be found at http://www.cert.org/advisories/CA-2003-10.html.

The advisory at the above link also explains how to fix the vulnerability.

This vulnerability is mitigated by the following:

  1. Only sites that have ALLOW entries in your LDM configuration file can exploit this security hole.
  2. On UNIX systems (for which the LDM is designed) the remote LDM must be installed by the superuser to use the LDM's reserved port.
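
The first mitigation listed in both notices above depends on which hosts your ALLOW entries actually admit. The following Python sketch is an added example, not part of the original notice or of the LDM distribution; it reconciles ALLOW host patterns against a list of peers you intend to serve. It assumes entries of the form ALLOW feedtype host-pattern with a regular-expression host pattern; the sample configuration, peer names and probe hosts are constructed placeholders.

```python
import re

# Constructed ldmd.conf-style sample; every hostname is a placeholder.
SAMPLE_CONF = r"""
# downstream sites
ALLOW ANY ^((localhost|loopback)|(127\.0\.0\.1\.?$))
ALLOW IDS|DDPLUS ^ldm\.partner\.example\.edu\.?$
ALLOW ANY \.example\.org
ALLOW NEXRAD ".*"
REQUEST ANY ".*" upstream.example.edu
"""

# Hypothetical lists: peers you intend to serve, and unrelated hosts
# that no ALLOW pattern should admit.
EXPECTED_PEERS = ("localhost", "ldm.partner.example.edu")
PROBES = ("unrelated-host.invalid", "203.0.113.77")


def parse_allow(text):
    """Return (line_no, feedtype, host_pattern) for every ALLOW entry."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Comment lines start with '#', so their first field is never ALLOW.
        if len(fields) >= 3 and fields[0].upper() == "ALLOW":
            entries.append((n, fields[1], fields[2].strip('"')))
    return entries


def audit(text, expected=EXPECTED_PEERS, probes=PROBES):
    """Return (line_no, pattern, issue) for ALLOW entries needing review."""
    findings = []
    for n, _feed, pat in parse_allow(text):
        try:
            rx = re.compile(pat)  # Python re used as a stand-in for POSIX ERE
        except re.error as exc:
            findings.append((n, pat, f"unparsable pattern: {exc}"))
            continue
        if any(rx.search(h) for h in probes):
            findings.append((n, pat, "matches arbitrary hosts"))
        elif not any(rx.search(h) for h in expected):
            findings.append((n, pat, "matches no expected peer"))
    return findings


if __name__ == "__main__":
    for line_no, pattern, issue in audit(SAMPLE_CONF):
        print(f"line {line_no}: {pattern!r}: {issue}")
```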