Bug 202691

Summary: CVE-2006-1470 OpenLDAP Denial of Service
Product: [Fedora] Fedora Reporter: Mark J. Cox <mjc>
Component: openldapAssignee: Jay Fenlason <fenlason>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 6CC: jfeeney
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: source=cve,reported=20060627,impact=important,public=20060627
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-12 17:03:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mark J. Cox 2006-08-15 20:39:34 UTC
Needed for FC6

+++ This bug was initially created as a clone of Bug #197278 +++

OpenLDAP Denial of Service

A denial of service bug was found in the way OpenLDAP processes
certain messages.  It is possible for an unauthenticated remote
attacker to crash the OpenLDAP slapd server.

The original advisories are here:

http://labs.musecurity.com/advisories/MU-200606-02.txt
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html

This issue also affects FC4

-- Additional comment from mjc on 2006-08-15 10:39 EST --

Mu Security reported a denial-of-service vulnerability in Mac OS X's
OpenLDAP slapd.  The issue was caused by assertions in the message
processing code--- some "default:" labels were handled with "assert()".
This is the kind of thing:

servers/slapd/connection.c
   1087         case LDAP_REQ_EXTENDED:
   1088                 INCR_OP(num_ops_initiated_, SLAP_OP_EXTENDED);
   1089                 rc = do_extended( op, &rs );
   1090                 break;
   1091
   1092         default:
   1093                 /* not reachable */
   1094                 assert( 0 );
   1095         }
   1096
   1097 operations_error:


Affected versions include at least 2.2.19 and 2.3.24.

Comment 2 Jay Fenlason 2006-09-12 17:03:10 UTC
The code in FC6 is not vulnerable to this issue.