Bug 1190644 (CVE-2015-1546)

Summary: CVE-2015-1546 openldap: slapd crash in valueReturnFilter cleanup
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: cdewolf, dandread, darran.lofthouse, ebenes, fnasser, grocha, huwang, jason.greene, jawilson, jsynacek, jv+fedora, lgao, myarboro, pgier, phracek, pslavice, rmeggins, rsvoboda, scorneli, slawomir, vtunka
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-06-19 12:52:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1190646    
Bug Blocks: 1190647    

Description Vasyl Kaigorodov 2015-02-09 10:41:42 UTC
It was reported [1] that certain queries cause slapd to crash while freeing operation controls.
Upstream report: http://www.openldap.org/its/?findid=8046
Upstream patch: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991

Comment 1 Vasyl Kaigorodov 2015-02-09 10:42:24 UTC
Created openldap tracking bugs for this issue:

Affects: fedora-all [bug 1190646]

Comment 4 Stefan Cornelius 2020-03-05 15:47:28 UTC

Although we do ship the vulnerable function, the attack vector demonstrated in the original report does not apply to us, as we've never backported the patch that introduces this particular attack vector. We're currently unaware of an attack vector that applies to us.

Red Hat Product Security has rated this issue as having a security impact of Moderate. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.