Bug 44731 – openldap: Denial of service (4.2)

Bug 44731 - openldap: Denial of service (4.2)


Summary:	openldap: Denial of service (4.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P2 normal (vote)
Target Milestone:	UCS 4.2-1-errata
Assigned To:	Arvid Requate
QA Contact:	Janek Walkenhorst

URL:
Keywords:

Depends on:
Blocks:	44732
	Show dependency tree / graph

Reported:	2017-06-01 18:02 CEST by Arvid Requate
Modified:	2017-06-28 18:00 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:	6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Flags:	requate: Patch_Available+

Attachments
ITS-8655-paged-results-double-free.patch (1022 bytes, patch) 2017-06-01 18:10 CEST, Arvid Requate	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2017-06-01 18:02:39 CEST

Attached is a patch for ITS 8655:

* servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. (CVE-2017-9287)

Comment 1 Arvid Requate

2017-06-01 18:10:04 CEST

Created attachment 8896 [details]
ITS-8655-paged-results-double-free.patch

Comment 2 Arvid Requate

2017-06-21 16:35:44 CEST

Advisory: openldap.yaml

Comment 3 Janek Walkenhorst

2017-06-28 12:33:50 CEST

Tests: OK
Advisory: OK

Comment 4 Florian Best

2017-06-28 13:47:43 CEST

Please fix the test case if it's caused by this update:
http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-1/job/AutotestJoin/13/SambaVersion=s4,Systemrolle=master/testReport/84_crypto/01_openssl_protocol_versions/test/

Comment 5 Janek Walkenhorst

2017-06-28 15:33:40 CEST

<http://errata.software-univention.de/ucs/4.2/60.html>

Comment 6 Arvid Requate

2017-06-28 18:00:20 CEST

> Please fix the test case if it's caused by this update:
http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-1/job/AutotestJoin/13/SambaVersion=s4,Systemrolle=master/testReport/84_crypto/01_openssl_protocol_versions/test/

That's openssl