389-ds DoS due to improper handling of ger attr searches (CVE-2013-4485)

[Vincent Danen <vdanen () redhat com>]

A flaw in how 389-ds-base and Red Hat Directory Server handled the
checking of access rights on entries using GER (Get Effective Rights), a
way to extend directory searches to also display what access rights a
user has to a specified entry.  When an attribute list is given in the
search request, and if there are several attributes whose names contain
the '@' character, 389-ds-base and Red Hat Directory Server would crash.
An attacker able to contact the server would be able to submit this type
of search request with no authentication required.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4485


(Obviously no CVE is required, posting here as this was previously sent
to the distros@ mailing list)

--
Vincent Danen / Red Hat Security Response Team