Bug 912964 (CVE-2013-0312)

Summary: CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: asharma, jgalipea, nhosoi, nkinder, rmeggins, security-response-team, tbordaz
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 389-ds-base 1.3.0.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-11 21:06:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 913228, 913229, 920325, 920326    
Bug Blocks: 912966    
Attachments:
Description Flags
revised git patch file (389-ds-base-1.2.11) rmeggins: review+

Description Vincent Danen 2013-02-20 04:56:51 UTC 
It was discovered that an anonymous (or bound) LDAP request to the 389 Directory Server could trigger a crash of the server when handling LDAP V3 control data.  If a malicious unauthenticated user were to send an LDAP request containing crafted LDAPv3 control data, they could cause the server to crash, denying service to the directory.
Comment 3 Vincent Danen 2013-02-20 17:01:56 UTC 
Acknowledgements:

This issue was discovered by Thierry Bordaz of Red Hat.
Comment 8 Noriko Hosoi 2013-02-22 22:44:39 UTC 
Created attachment 701393 [details]
revised git patch file (389-ds-base-1.2.11)

Thanks to Rich for his comments.  I modified the previous patch, which keeps the original order.
Comment 10 errata-xmlrpc 2013-03-11 18:38:54 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0628 https://rhn.redhat.com/errata/RHSA-2013-0628.html
Comment 11 Vincent Danen 2013-03-11 20:14:39 UTC 
This was fixed upstream here:

http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=ae13e448abb0ce1dd97f0446b89d774030d9474b
Comment 12 Vincent Danen 2013-03-11 20:15:59 UTC 
Created 389-ds-base tracking bugs for this issue

Affects: epel-5 [bug 920325]
Affects: fedora-all [bug 920326]