The Schema Compatibility plugin for 389-ds-base / Directory Server, slapi-nis, can force 389-ds-base server to segfault over specially crafted Binding DN. The crash is a NULL dereference, and could be used as a Denial of Service attack.
Statement: This vulnerability affects Directory Server with the Schema Compatibility plugin "slapi-nis". To verify if an instance is configured with Schema Compatibility: $ ldapsearch -b 'cn=Schema Compatibility,cn=plugins,cn=config' -s base Red Hat Identity Management is affected by this flaw.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Created slapi-nis tracking bugs for this issue: Affects: fedora-all [bug 1961157]
Upstream fix: https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1983 https://access.redhat.com/errata/RHSA-2021:1983
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3480
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2027 https://access.redhat.com/errata/RHSA-2021:2027
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2026 https://access.redhat.com/errata/RHSA-2021:2026
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2032 https://access.redhat.com/errata/RHSA-2021:2032