The code that parses the GER request can dereference a NULL pointer
Created attachment 424011 [details] 0001-Bug-603942-null-deref-in-_ger_parse_control-for.patch
This has been assigned CVE-2010-2222.
Adding Dmitry as ALT Linux does ship 389.
Further investigation showed this bug was only introduced very recently in the following commit from Apr 2010: http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=78c50664d6#patch10 Therefore, this issue does not affect any released version of Red Hat Directory Server and only affects versions of 389 Directory Server in Fedora updates-testing. Due to that, we'd like to make it public asap and do fixed 389 builds for Fedora. Dmitry, does that work fine for you too, or do you need some more time to work on ALT updates?
(In reply to comment #20) > Dmitry, does that work fine for you too, or do you need some more time to work > on ALT updates? It's OK for us, too.
So, ok to open this bug and lift the embargo? I would like to commit this upstream asap.
Making bug public.
To ssh://git.fedorahosted.org/git/389/ds.git c28fcad..82625eb Directory_Server_8_2_Branch -> Directory_Server_8_2_Branch commit 82625ebf670c0f234e8bcbf18420e84b325e359e Author: Rich Megginson <rmeggins> Date: Mon Jun 14 20:25:18 2010 -0600 Reviewed by: nkinder (Thanks!) Branch: Directory_Server_8_2_Branch Fix Description: Needed to pass &orig to ber_scanf 'a' instead of orig. Als Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no 1a47871..8632731 master -> master commit 8632731df33fc3a91eb3cfecfb9c63d56cff23e8 Author: Rich Megginson <rmeggins> Date: Mon Jun 14 20:25:18 2010 -0600 Branch: HEAD
(In reply to comment #24) > To ssh://git.fedorahosted.org/git/389/ds.git > c28fcad..82625eb Directory_Server_8_2_Branch -> Directory_Server_8_2_Branch > commit 82625ebf670c0f234e8bcbf18420e84b325e359e http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=82625ebf67
*** Bug 601946 has been marked as a duplicate of this bug. ***