Richard Megginson identified multiple memory leaks affecting Red Hat Directory Server and Fedora Directory Server. These issues may possibly be triggered by unauthenticated remote attackers with access to the LDAP port. An attacker can cause Directory Server to use an excessive amount of memory, and possibly crash or terminate unexpectedly when running out of available memory. Memory leaks that can be triggered by an anonymous user occur during the authentication / bind phase, or in (anonymous) LDAP search requests.
Red Hat Directory Server 7.1, 8.0
Fedora Directory Server 1.1.1 and earlier
See the dependency tree for bugs related to the individual issues.
Bug has been verified during the last RHDS errata release. No additional test necessary in IPA errata release.
fedora-ds-base-1.1.2-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
fedora-ds-base-1.1.2-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via:
Red Hat Directory Server 7.1 (for AS v. 3) (RHSA-2008:0596)
Red Hat Directory Server 8.0 (for AS v. 4) (RHSA-2008:0602)
Red Hat Directory Server 8 (for RHEL 5 Server) (RHSA-2008:0602)
Red Hat IPA 1 for RHEL 5 Server (RHSA-2008:0858)