Bug 1381481 - (CVE-2017-2591) CVE-2017-2591 389-ds-base: Heap buffer overflow in uiduniq.c
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low
Severity: low
Assigned To: Red Hat Product Security
Whiteboard: impact=low,public=20160913,reported=2...
Keywords: Security
Depends On: 1381483
Blocks: 1381482
Reported: 2016-10-04 04:58 EDT by Adam Mariš
Modified: 2017-01-19 09:42 EST
Fixed In Version: 389-ds-base 1.3.6
Doc Text:
It was found that the uniqueness_entry_to_config() function, used by the "attribute uniqueness" plugin of 389 Directory Server, did not properly NULL terminate an array used in some configuration. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.
Last Closed: 2017-01-19 05:59:15 EST
Description Adam Mariš 2016-10-04 04:58:22 EDT
The "attribute uniqueness" plugin did not properly NULL-terminate an array when building up its configuration if a so-called 'old-style' configuration was being used (using nsslapd-pluginarg<X> parameters).

An attacker, authenticated, but possibly also unauthenticated, could possibly force the plugin to read beyond allocated memory and trigger a segfault.

The crash could also possibly be triggered accidentally.

Upstream patch: https://fedorahosted.org/389/changeset/ffda694dd622b31277da07be76d3469fad86150f/
Affected versions: from 1.3.4.0

Fixed version: 1.3.6

Upstream bug report: https://fedorahosted.org/389/ticket/48986
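
The bug class described above, as an added example that is not part of the original report and is not 389-ds-base code: a fixed-size slot array pre-filled with stale pointers models a heap block, and a bounded walk shows when a NULL-terminated list has no terminator inside its allocation. All names (`fill_attrs`, `count_attrs_bounded`, `demo`, `POISON`) and the sample attribute names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not 389-ds-base code: slots[] stands in for a heap
 * block whose previous contents are stale, non-NULL pointers. */
static const char POISON[] = "<stale heap data>";

/* Copy nargs attribute names into slots[0..cap). terminate == 0 models the
 * defect class in the report: entries are written, no NULL follows them.
 * Returns 0 on success, -1 if the data does not fit in cap slots. */
int fill_attrs(const char **slots, size_t cap,
               const char *const *args, size_t nargs, int terminate)
{
    if (nargs + (terminate ? 1 : 0) > cap) return -1;
    for (size_t i = 0; i < nargs; i++)
        slots[i] = args[i];
    if (terminate)
        slots[nargs] = NULL;
    return 0;
}

/* Walk the list as a consumer of a NULL-terminated array would, but stop at
 * the allocation size. Returns the entry count, or -1 when no terminator
 * lies inside the block (an unbounded walk would read past it). */
long count_attrs_bounded(const char *const *slots, size_t cap)
{
    for (size_t i = 0; i < cap; i++)
        if (slots[i] == NULL)
            return (long)i;
    return -1;
}

/* One scenario: a block of cap stale slots is filled, then counted. */
long demo(size_t cap, int terminate)
{
    static const char *const args[] = { "uid", "mail" }; /* constructed */
    const char *slots[8];
    if (cap > 8) return -2;
    for (size_t i = 0; i < cap; i++)
        slots[i] = POISON;
    if (fill_attrs(slots, cap, args, 2, terminate) != 0) return -3;
    return count_attrs_bounded(slots, cap);
}

int main(void)
{
    printf("unterminated: %ld, terminated: %ld\n", demo(2, 0), demo(3, 1));
    return 0;
}
```

Sizing the allocation as entries plus one and writing the terminator in the same function that fills the array keeps the two from drifting apart.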
Comment 1 Adam Mariš 2016-10-04 05:01:26 EDT
Created 389-ds-base tracking bugs for this issue:

Affects: fedora-all [bug 1381483]
Comment 2 Noriko Hosoi 2016-11-14 17:07:51 EST
Fixed in 389-ds-base-1.3.6 and newer.

Note: 389-ds-base-1.3.6 is available for F26 (current rawhide).
Comment 9 Cedric Buissart 2017-01-19 05:56:20 EST
Statement:

Red Hat Product Security has rated this issue as having Low security
impact; a future update may address this flaw.
