Bug 1614861 - CVE-2018-10935 389-ds-base: ldapsearch with server side sort crashes the ldap server [rhel-7.5.z]
Summary: CVE-2018-10935 389-ds-base: ldapsearch with server side sort crashes the ldap...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.5
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: mreynolds
QA Contact: Viktor Ashirov
Marc Muehlfeld
URL:
Whiteboard:
Keywords: Security, SecurityTracking, ZStream
Depends On:
Blocks: CVE-2018-10935
TreeView+ depends on / blocked
 
Reported: 2018-08-10 14:47 UTC by Jaroslav Reznik
Modified: 2018-09-25 19:06 UTC (History)
14 users (show)

(edit)
When a server-side control contains a matching rule, Directory Server fails to use the rule to index the values of the attributes. In this situation, the indexed keys are set to NULL. Previously, the server failed with a NULL pointer exception when comparing keys set to NULL. With this update, Directory Server verifies whether indexed values are NULL before comparing them. As a result, the server now returns an LDAP_OPERATION_ERROR message if it fails to index values.
Clone Of: 1607078
(edit)
Last Closed: 2018-09-25 19:06:11 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2757 None None None 2018-09-25 19:06 UTC

Description Jaroslav Reznik 2018-08-10 14:47:12 UTC
This bug has been copied from bug #1607078 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 6 Viktor Ashirov 2018-08-28 13:03:28 UTC
Build tested: 389-ds-base-1.3.7.5-26.el7_5.x86_64

Search with server side sort no longer crashes the server, but it doesn't return sorted results per matching rule (bz1615163):

[root@server ds]# ldapsearch -xLLL -D cn=Directory\ Manager -w Secret123 -b cn=users,cn=accounts,dc=ipa,dc=test -E sss=uid:2.5.13.3 "(uid=tuser*)" uid | grep uid:
uid: tuser2
uid: tuser3
uid: tuser
[root@server ds]# ldapsearch -xLLL -D cn=Directory\ Manager -w Secret123 -b cn=users,cn=accounts,dc=ipa,dc=test -E sss=-uid:2.5.13.3 "(uid=tuser*)" uid | grep uid:
uid: tuser2
uid: tuser3
uid: tuser


Marking as VERIFIED.

Comment 8 errata-xmlrpc 2018-09-25 19:06:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2757


Note You need to log in before you can comment on or make changes to this bug.