Bug 604783 (CVE-2010-2222)

Summary: CVE-2010-2222 redhat-ds/389: null deref in _ger_parse_control() for subjectdn can crash server
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: dpal, rcritten, rmeggins, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-22 10:49:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 603942    
Bug Blocks: 1248117    
Description Flags
patch to correct the flaw none

Description Vincent Danen 2010-06-16 17:59:32 UTC
A vulnerability in Red Hat Directory Server and the 389 Directory Server was discovered.  The code that parses the GER request (_ger_parse_control()) can dereference a NULL pointer.  An unauthenticated user able to communicate with the Directory Server could use a crafted search query that would cause the Directory Server to crash.

This issue has been assigned the name CVE-2010-2222.

Comment 2 Vincent Danen 2010-06-16 18:06:12 UTC
Created attachment 424540 [details]
patch to correct the flaw

Comment 3 Tomas Hoger 2010-07-01 18:56:24 UTC
Lifting embargo.

This bug was only introduced recently in the following commit:

Therefore, this issue did not affect any released version of Red Hat Directory Server.

Comment 4 Tomas Hoger 2010-07-02 06:52:20 UTC
(In reply to comment #2)
> Created an attachment (id=424540) [details]
> patch to correct the flaw    

Committed to git: