oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: slapd segfaults on certain queries with rwm overlay enabled

From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 18 Oct 2013 22:35:31 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/16/2013 03:49 PM, Vincent Danen wrote:

The following was reported to us, but has already been reported 
publicly upstream.  Could a CVE be assigned to it?

It was discovered that OpenLDAP, with the rwm overlay to slapd,
could segfault if a user were able to query the directory and
immediately unbind from the server.  This seems to be due to the
rwm overlay not doing reference counting properly, so
rwm_conn_destroy frees the session context while rwm_op_search is
using it.  This condition also seems to require multiple cores/CPUs
to trigger.


References:

http://www.openldap.org/its/index.cgi/Incoming?id=7723 
https://bugzilla.redhat.com/show_bug.cgi?id=1019490

This is currently not fixed upstream.



Please use CVE-2013-4449 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSYgwTAAoJEBYNRVNeJnmTT6AP/R28qsuwa1PEK9gwGsQCN0h7
wScSfy1biQ9EVz/HkgXNHTUBiogAKRAbKX42/FWMjBzt0p5NUW1zRCJdcWfXOPZ7
dfqHPsB7XV+gAsZZNydS3AqGFqiKgTY9VBZn26V2q+RKnStfFyKnBpZJxMoYtzxS
dfse3qLREGIPwH1ljpOEaW0hpGIEnpiAoDU1kRCG2bg2GH1Wx8T7OjjcvVGGW38o
yNF0g9AYgJoLiWLxYagOjqNJeDRG6Jiu015p40Ta3AG5wrJfpx2xlW+0/PXOu+Vv
8o96LwqAtu9WO0kmAZaSF7vBcOApBceoyMHf+478Um6ZIhKhozUMpVw6QeHl6l77
saoD8rp01vrgjttKtWym/cdQM/khedTuT9JFvcHkWgKIMjd8tFp0fF+ExMMpbYt+
51Gnwrh8DZ0z4FIne9dib8vxbTkyscGGuhrlj3jmCYYd3b1E24+WpVfRkbLe9aVG
kj3ubTngaaKdlSPxoYI9qHVVnGswc57Y6WI3ZX8wgg9FLyyfmBMVc7+wINzsgIFN
i862DdNtz7B5fASLDEQGYUihcKRe+/bmiuZCHfixCiu8Hdb/3sSFr+edS+yo8AkL
H6xgwe7p4DKM4QIDAymT5zRbdntAWhcGhXFbk63y1tliChvHm+5sOz4QPw9qeKQb
9sYVfzINsHtXegCKGrvZ
=NzM8
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: