Bug 1614861

Summary: CVE-2018-10935 389-ds-base: ldapsearch with server side sort crashes the ldap server [rhel-7.5.z]
Product: Red Hat Enterprise Linux 7 Reporter: Jaroslav Reznik <jreznik>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: medium    
Version: 7.5CC: bob.yal, cbuissar, dmoppert, mhonek, mreynolds, msauton, nkinder, rmeggins, scorneli, sfowler, spichugi, tbordaz, toneata, vashirov
Target Milestone: rcKeywords: Security, SecurityTracking, ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.7.5-26.el7_5 Doc Type: Bug Fix
Doc Text:
When a server-side control contains a matching rule, Directory Server fails to use the rule to index the values of the attributes. In this situation, the indexed keys are set to NULL. Previously, the server failed with a NULL pointer exception when comparing keys set to NULL. With this update, Directory Server verifies whether indexed values are NULL before comparing them. As a result, the server now returns an LDAP_OPERATION_ERROR message if it fails to index values.
Story Points: ---
Clone Of: 1607078 Environment:
Last Closed: 2018-09-25 19:06:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 1613606    

Description Jaroslav Reznik 2018-08-10 14:47:12 UTC
This bug has been copied from bug #1607078 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 6 Viktor Ashirov 2018-08-28 13:03:28 UTC
Build tested: 389-ds-base-1.3.7.5-26.el7_5.x86_64

Search with server side sort no longer crashes the server, but it doesn't return sorted results per matching rule (bz1615163):

[root@server ds]# ldapsearch -xLLL -D cn=Directory\ Manager -w Secret123 -b cn=users,cn=accounts,dc=ipa,dc=test -E sss=uid:2.5.13.3 "(uid=tuser*)" uid | grep uid:
uid: tuser2
uid: tuser3
uid: tuser
[root@server ds]# ldapsearch -xLLL -D cn=Directory\ Manager -w Secret123 -b cn=users,cn=accounts,dc=ipa,dc=test -E sss=-uid:2.5.13.3 "(uid=tuser*)" uid | grep uid:
uid: tuser2
uid: tuser3
uid: tuser


Marking as VERIFIED.

Comment 8 errata-xmlrpc 2018-09-25 19:06:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2757