Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1614861 - CVE-2018-10935 389-ds-base: ldapsearch with server side sort crashes the ldap server [rhel-7.5.z]
CVE-2018-10935 389-ds-base: ldapsearch with server side sort crashes the ldap...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
7.5
x86_64 Linux
medium Severity medium
: rc
: ---
Assigned To: mreynolds
Viktor Ashirov
Marc Muehlfeld
: Security, SecurityTracking, ZStream
Depends On:
Blocks: CVE-2018-10935
  Show dependency treegraph
 
Reported: 2018-08-10 10:47 EDT by Jaroslav Reznik
Modified: 2018-09-25 15:06 EDT (History)
14 users (show)

See Also:
Fixed In Version: 389-ds-base-1.3.7.5-26.el7_5
Doc Type: Bug Fix
Doc Text:
When a server-side control contains a matching rule, Directory Server fails to use the rule to index the values of the attributes. In this situation, the indexed keys are set to NULL. Previously, the server failed with a NULL pointer exception when comparing keys set to NULL. With this update, Directory Server verifies whether indexed values are NULL before comparing them. As a result, the server now returns an LDAP_OPERATION_ERROR message if it fails to index values.
Story Points: ---
Clone Of: 1607078
Environment:
Last Closed: 2018-09-25 15:06:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2757 None None None 2018-09-25 15:06 EDT

  None (edit)
Description Jaroslav Reznik 2018-08-10 10:47:12 EDT 
This bug has been copied from bug #1607078 and has been proposed to be backported to 7.5 z-stream (EUS).
Comment 6 Viktor Ashirov 2018-08-28 09:03:28 EDT 
Build tested: 389-ds-base-1.3.7.5-26.el7_5.x86_64

Search with server side sort no longer crashes the server, but it doesn't return sorted results per matching rule (bz1615163):

[root@server ds]# ldapsearch -xLLL -D cn=Directory\ Manager -w Secret123 -b cn=users,cn=accounts,dc=ipa,dc=test -E sss=uid:2.5.13.3 "(uid=tuser*)" uid | grep uid:
uid: tuser2
uid: tuser3
uid: tuser
[root@server ds]# ldapsearch -xLLL -D cn=Directory\ Manager -w Secret123 -b cn=users,cn=accounts,dc=ipa,dc=test -E sss=-uid:2.5.13.3 "(uid=tuser*)" uid | grep uid:
uid: tuser2
uid: tuser3
uid: tuser


Marking as VERIFIED.
Comment 8 errata-xmlrpc 2018-09-25 15:06:11 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2757
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.