Bug 1944640 (CVE-2021-3480) - CVE-2021-3480 slapi-nis: NULL dereference (DoS) with specially crafted Binding DN
Summary: CVE-2021-3480 slapi-nis: NULL dereference (DoS) with specially crafted Bindin...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-3480
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1942937 1944713 1947349 1947350 1947351 1949955 1961157
Blocks: 1944164 1944845
TreeView+ depends on / blocked
 
Reported: 2021-03-30 11:49 UTC by Cedric Buissart
Modified: 2022-05-17 12:57 UTC (History)
7 users (show)

Fixed In Version: slapi-nis 0.56.7
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in slapi-nis. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2021-05-18 20:38:40 UTC
Embargoed:

Attachments (Terms of Use)

Description Cedric Buissart 2021-03-30 11:49:19 UTC 
The Schema Compatibility plugin for 389-ds-base / Directory Server, slapi-nis, can force 389-ds-base server to segfault over specially crafted Binding DN.

The crash is a NULL dereference, and could be used as a Denial of Service attack.
Comment 10 Eric Christensen 2021-04-08 13:31:39 UTC 
Statement:

This vulnerability affects Directory Server with the Schema Compatibility plugin "slapi-nis". To verify if an instance is configured with Schema Compatibility: 
$ ldapsearch -b 'cn=Schema Compatibility,cn=plugins,cn=config' -s base

Red Hat Identity Management is affected by this flaw.
Comment 17 Cedric Buissart 2021-05-03 15:36:48 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Comment 18 Cedric Buissart 2021-05-17 11:33:38 UTC 
Created slapi-nis tracking bugs for this issue:

Affects: fedora-all [bug 1961157]
Comment 19 Cedric Buissart 2021-05-18 07:33:35 UTC 
Upstream fix:
https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master
Comment 20 errata-xmlrpc 2021-05-18 18:53:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1983 https://access.redhat.com/errata/RHSA-2021:1983
Comment 21 Product Security DevOps Team 2021-05-18 20:38:40 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3480
Comment 22 errata-xmlrpc 2021-05-19 08:41:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:2027 https://access.redhat.com/errata/RHSA-2021:2027
Comment 23 errata-xmlrpc 2021-05-19 09:57:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:2026 https://access.redhat.com/errata/RHSA-2021:2026
Comment 24 errata-xmlrpc 2021-05-19 10:25:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2032 https://access.redhat.com/errata/RHSA-2021:2032
Note You need to log in before you can comment on or make changes to this bug.