Bug 787014 (CVE-2012-0833)

Summary: CVE-2012-0833 389: denial of service when using certificate groups
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: jgalipea, rmeggins, security-response-team
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text: see https://bugzilla.redhat.com/show_bug.cgi?id=781519
Story Points: ---
Clone Of:
: 890944
Environment:
Last Closed: 2015-08-22 06:24:40 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 781519, 890944
Bug Blocks: 784298, 790261

Description Vincent Danen 2012-02-02 22:03:00 UTC
A flaw was found [1] in the way 389 handled certificate groups with authentication. If a 389 server were configured to use certificate groups, and had an aci that included a certificate group, it would be possible for a remote, authenticated user to cause 389 to enter an infinite loop and consume all available CPU, causing it to stop responding to further requests.

This has been resolved in upstream git [2].

[1] https://fedorahosted.org/389/ticket/162
[2] https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base

Comment 3 Kurt Seifried 2012-02-03 08:51:57 UTC
Corrected CVE typo

Comment 7 Murray McAllister 2012-06-15 12:08:10 UTC
Acknowledgements:

Red Hat would like to thank Graham Leggett for reporting this issue.

Comment 8 errata-xmlrpc 2012-06-20 07:13:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0813 https://rhn.redhat.com/errata/RHSA-2012-0813.html

Comment 10 Vincent Danen 2013-02-21 16:14:15 UTC
Statement:

(none)

Comment 11 errata-xmlrpc 2013-02-21 19:04:19 UTC
This issue has been addressed in the following products:

  Red Hat Directory Server 8 for RHEL 5

Via RHSA-2013:0549 https://rhn.redhat.com/errata/RHSA-2013-0549.html