Bug 603942 - CVE-2010-2222 redhat-ds: null deref in _ger_parse_control() for subjectdn can crash server
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Security - Access Control (GER)
Version: 1.2.6
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Rich Megginson
Viktor Ashirov
http://dhcp47-145.lab.bos.redhat.com:...
Duplicates: 601946
Blocks: 434914 389_1.2.6 CVE-2010-2222
Reported: 2010-06-14 19:19 EDT by Rich Megginson
Modified: 2015-12-07 11:45 EST (History)
Doc Type: Bug Fix
Last Closed: 2015-12-07 11:45:48 EST


Attachments
0001-Bug-603942-null-deref-in-_ger_parse_control-for.patch (1.79 KB, patch)
2010-06-14 22:26 EDT, Rich Megginson
nkinder: review+

Description Rich Megginson 2010-06-14 19:19:24 EDT
The code that parses the GER request can dereference a NULL pointer.
Comment 1 Rich Megginson 2010-06-14 22:26:07 EDT
Created attachment 424011 [details]
0001-Bug-603942-null-deref-in-_ger_parse_control-for.patch
Comment 9 Vincent Danen 2010-06-16 11:41:01 EDT
This has been assigned CVE-2010-2222.
Comment 10 Vincent Danen 2010-06-16 13:42:32 EDT
Adding Dmitry as ALT Linux does ship 389.
Comment 20 Tomas Hoger 2010-07-01 10:26:53 EDT
Further investigation showed this bug was only introduced very recently in the following commit from Apr 2010:

http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=78c50664d6#patch10

Therefore, this issue does not affect any released version of Red Hat Directory Server and only affects versions of 389 Directory Server in Fedora updates-testing.  Due to that, we'd like to make it public asap and do fixed 389 builds for Fedora.

Dmitry, does that work fine for you too, or do you need some more time to work on ALT updates?
Comment 21 Dmitry V. Levin 2010-07-01 11:54:21 EDT
(In reply to comment #20)
> Dmitry, does that work fine for you too, or do you need some more time to work
> on ALT updates?    

It's OK for us, too.
Comment 22 Rich Megginson 2010-07-01 12:31:48 EDT
So, ok to open this bug and lift the embargo?  I would like to commit this upstream asap.
Comment 23 Tomas Hoger 2010-07-01 14:53:56 EDT
Making bug public.
Comment 24 Rich Megginson 2010-07-01 15:54:40 EDT
To ssh://git.fedorahosted.org/git/389/ds.git
   c28fcad..82625eb  Directory_Server_8_2_Branch -> Directory_Server_8_2_Branch
commit 82625ebf670c0f234e8bcbf18420e84b325e359e
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Mon Jun 14 20:25:18 2010 -0600
    Reviewed by: nkinder (Thanks!)
    Branch: Directory_Server_8_2_Branch
    Fix Description: Needed to pass &orig to ber_scanf 'a' instead of orig.  Als
    Platforms tested: RHEL5 x86_64
    Flag Day: no
    Doc impact: no
   1a47871..8632731  master -> master
commit 8632731df33fc3a91eb3cfecfb9c63d56cff23e8
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Mon Jun 14 20:25:18 2010 -0600
    Branch: HEAD
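
The Fix Description in comment 24 says the 'a' conversion of ber_scanf has to be given &orig rather than orig. The C below is an added illustration, not 389 Directory Server or liblber code: mock_scanf is a hypothetical variadic decoder and parse_subject a hypothetical caller, used to show why the wrong argument still compiles and how the caller checks the result before use. The sample bytes are constructed.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a variadic BER decoder. Only "a" is modelled: read
 * one short-form OCTET STRING (tag 0x04) into a malloc'd C string via char **. */
static int mock_scanf(const uint8_t *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    char **out;
    if (fmt == NULL || strcmp(fmt, "a") != 0)
        return -1;
    va_start(ap, fmt);
    out = va_arg(ap, char **);   /* nothing checks what the caller passed */
    va_end(ap);
    if (out == NULL)
        return -1;
    *out = NULL;                 /* caller sees NULL on every failure path */
    if (buf == NULL || len < 2 || buf[0] != 0x04 || (buf[1] & 0x80))
        return -1;
    if ((size_t)buf[1] > len - 2) /* declared length runs past the input */
        return -1;
    if ((*out = malloc((size_t)buf[1] + 1)) == NULL)
        return -1;
    memcpy(*out, buf + 2, buf[1]);
    (*out)[buf[1]] = '\0';
    return 0;                    /* 0 on success, -1 on any error above */
}

/* Corrected call: pass &orig and check the result; returns length or -1. */
int parse_subject(const uint8_t *val, size_t len)
{
    char *orig = NULL;
    int n;
    /* Passing orig instead of &orig also compiles: varargs are unchecked. */
    if (mock_scanf(val, len, "a", &orig) != 0 || orig == NULL)
        return -1;
    n = (int)strlen(orig);
    free(orig);
    return n;
}

int main(void)
{
    /* Constructed sample: OCTET STRING "dn: cn=x" (tag 0x04, length 8). */
    static const uint8_t v[] = {0x04, 8, 'd','n',':',' ','c','n','=','x'};
    return parse_subject(v, sizeof v) == 8 ? 0 : 1;
}
```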
Comment 25 Tomas Hoger 2010-07-02 02:51:50 EDT
(In reply to comment #24)
> To ssh://git.fedorahosted.org/git/389/ds.git
>    c28fcad..82625eb  Directory_Server_8_2_Branch -> Directory_Server_8_2_Branch
> commit 82625ebf670c0f234e8bcbf18420e84b325e359e

http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=82625ebf67
Comment 26 Noriko Hosoi 2010-09-14 15:03:13 EDT
*** Bug 601946 has been marked as a duplicate of this bug. ***
