Bug 1623247

Summary: CVE-2018-14624 389-ds-base: Server crash through modify command with large DN [rhel-7.5.z]
Product: Red Hat Enterprise Linux 7 Reporter: Jaroslav Reznik <jreznik>
Component: 389-ds-base Assignee: mreynolds
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.7-Alt CC: dmoppert, gparente, mhonek, mreynolds, msauton, nkinder, rmeggins, sfowler, spichugi, tbordaz, vashirov
Target Milestone: rc Keywords: Security, SecurityTracking, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.7.5-27.el7_5 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1614820 Environment:
Last Closed: 2018-09-25 19:06:11 UTC Type: ---
Bug Depends On: 1614820    
Bug Blocks: 1619450    
Deadline: 2019-08-31   

Description Jaroslav Reznik 2018-08-28 20:14:24 UTC
This bug has been copied from bug #1614820 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 3 Doran Moppert 2018-08-30 03:28:40 UTC
*** Bug 1623721 has been marked as a duplicate of this bug. ***

Comment 4 Viktor Ashirov 2018-08-30 12:54:59 UTC
Build tested: 389-ds-base-1.3.7.5-27.el7_5.x86_64

Reproducer from https://bugzilla.redhat.com/show_bug.cgi?id=1614820#c7 no longer crashes the server, error messages are formatted correctly:

[30/Aug/2018:08:43:15.953873158 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!
[30/Aug/2018:08:43:16.087007955 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!
[30/Aug/2018:08:43:16.113006138 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!
[30/Aug/2018:08:43:16.145550284 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!

Marking as VERIFIED.

Comment 5 Doran Moppert 2018-08-31 00:38:12 UTC
A change was made (new impact, public date, or CSAw status) to the security issue(s) blocked by this tracker, resulting in a new SLA deadline. This bug must now be resolved by 31-Aug-2019.

Refer to this bug's Description for information about how to resolve this bug.

Comment 7 errata-xmlrpc 2018-09-25 19:06:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2757