Bug 444712 (CVE-2008-1677)

Summary: CVE-2008-1677 Directory Server: insufficient buffer size for search patterns
Product: [Other] Security Response
Reporter: Tomas Hoger <thoger>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
Version: unspecified
CC: ckannan, nhosoi, nkinder, rcvalle, rmeggins
Keywords: Reopened, Security
Hardware: All
OS: Linux
Fixed In Version: 1.1.1
Doc Type: Bug Fix
Last Closed: 2012-03-22 14:41:29 UTC
Bug Depends On: 182621, 443955, 444715, 444716, 444718, 445808, 445809, 445810

Description Tomas Hoger 2008-04-30 08:22:40 UTC
Nathan Kinder discovered that Red Hat / Fedora Directory Server uses a fixed-size
buffer for storing regular expressions used in LDAP searches.  This buffer can
overflow when a search pattern from a user-supplied LDAP request is translated into
a regular expression, resulting in a slapd daemon crash, or, possibly, arbitrary
code execution.  This issue can be triggered by any user permitted to perform
LDAP searches, including an anonymous user if anonymous access is permitted by ACLs
(permitted by default).

Affected versions:
Red Hat Directory Server 7.1
Red Hat Directory Server 8
Fedora Directory Server 1.1
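
The bug class described above, shown as an added example that is not part of the bug report and is not Directory Server source code: translating a search pattern into a regular expression can expand it, so the output buffer has to be sized from the input and every write checked. The function names and the translation rules ('*' becomes ".*", metacharacters are backslash-escaped) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers, not Directory Server code. A pattern such as
 * "ab*c.d" is translated into the anchored regex "^ab.*c\.d$".
 * Each input byte can emit two output bytes, so the regex may be up
 * to twice as long as the pattern, plus the two anchors. */

/* Worst-case output size, including '^', '$' and the terminating NUL. */
static size_t regex_size_bound(size_t pattern_len)
{
    if (pattern_len > (SIZE_MAX - 3) / 2)
        return 0;                       /* size computation would wrap */
    return 2 * pattern_len + 3;
}

/* Writes the regex into out[0..outsz). Returns the regex length, or -1
 * if it does not fit. Never writes past the end of the buffer. */
static long pattern_to_regex(const char *pat, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz < 3) return -1;
    out[n++] = '^';
    for (; *pat; pat++) {
        /* up to 2 bytes for this char, plus room for "$" and NUL */
        if (n + 2 > outsz - 2) return -1;
        if (*pat == '*') {
            out[n++] = '.'; out[n++] = '*';
        } else {
            if (strchr(".[]()\\^$+?{}|", *pat)) out[n++] = '\\';
            out[n++] = *pat;
        }
    }
    out[n++] = '$';
    out[n] = '\0';
    return (long)n;
}

/* Sizes the buffer from the request instead of using a fixed array. */
static char *pattern_to_regex_alloc(const char *pat)
{
    size_t need = regex_size_bound(strlen(pat));
    char *buf = need ? malloc(need) : NULL;
    if (buf && pattern_to_regex(pat, buf, need) < 0) { free(buf); buf = NULL; }
    return buf;
}
```

With a fixed 16-byte buffer, an 8-character pattern made only of metacharacters already needs 19 bytes; the bounded routine rejects it, and the allocating wrapper sizes the buffer to fit.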