Bug 670914 (CVE-2011-0019)

Summary: CVE-2011-0019 Directory Server: crash with multiple simple paged result searches
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: jlieskov, mjc, nkinder, rmeggins, security-response-team
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: public=20110222,reported=20110113,source=researcher,impact=moderate,cvss2=3.3/AV:A/AC:L/Au:N/C:N/I:N/A:P,directory_server_8/Directory Server=affected,fedora-all/389-ds=affected
Doc Type: Bug Fix
Last Closed: 2011-04-19 09:59:20 UTC
Bug Depends On: 666076, 670922, 679495

Description Vincent Danen 2011-01-19 16:41:59 UTC
A flaw was found in the way that the Red Hat Directory Server handled simple paged result searches.  If an unauthenticated user were able to send multiple simple paged search requests to Directory Server, it could cause the server to crash.

Comment 1 Vincent Danen 2011-01-19 16:43:48 UTC
The 'upstream' bug is bug #666076.

Comment 5 Jan Lieskovsky 2011-02-22 17:08:18 UTC
Upstream bug report:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=666076

Comment 6 errata-xmlrpc 2011-02-22 17:46:06 UTC
This issue has been addressed in the following products:

  Red Hat Directory Server 8 for RHEL 4
  Red Hat Directory Server 8 for RHEL 5

Via RHSA-2011:0293 https://rhn.redhat.com/errata/RHSA-2011-0293.html