Bug 603942 - CVE-2010-2222 redhat-ds: null deref in _ger_parse_control() for subjectdn can crash server
Summary: CVE-2010-2222 redhat-ds: null deref in _ger_parse_control() for subjectdn can...
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Security - Access Control (GER)   
(Show other bugs)
Version: 1.2.6
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL: http://dhcp47-145.lab.bos.redhat.com:...
Whiteboard:
Keywords:
: 601946 (view as bug list)
Depends On:
Blocks: 434914 389_1.2.6 CVE-2010-2222
TreeView+ depends on / blocked
 
Reported: 2010-06-14 23:19 UTC by Rich Megginson
Modified: 2015-12-07 16:45 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 16:45:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
0001-Bug-603942-null-deref-in-_ger_parse_control-for.patch (1.79 KB, patch)
2010-06-15 02:26 UTC, Rich Megginson
nkinder: review+
Details | Diff

Description Rich Megginson 2010-06-14 23:19:24 UTC
The code that parses the GER request can dereference a NULL pointer

Comment 1 Rich Megginson 2010-06-15 02:26:07 UTC
Created attachment 424011 [details]
0001-Bug-603942-null-deref-in-_ger_parse_control-for.patch

Comment 9 Vincent Danen 2010-06-16 15:41:01 UTC
This has been assigned CVE-2010-2222.

Comment 10 Vincent Danen 2010-06-16 17:42:32 UTC
Adding Dmitry as ALT Linux does ship 389.

Comment 20 Tomas Hoger 2010-07-01 14:26:53 UTC
Further investigation showed this bug was only introduced very recently in the following commit from Apr 2010:

http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=78c50664d6#patch10

Therefore, this issue does not affect any released version of Red Hat Directory Server and only affects versions of 389 Directory Server in Fedora updates-testing.  Due to that, we'd like to make it public asap and do fixed 389 builds for Fedora.

Dmitry, does that work fine for you too, or do you need some more time to work on ALT updates?

Comment 21 Dmitry V. Levin 2010-07-01 15:54:21 UTC
(In reply to comment #20)
> Dmitry, does that work fine for you too, or do you need some more time to work
> on ALT updates?    

It's OK for us, too.

Comment 22 Rich Megginson 2010-07-01 16:31:48 UTC
So, ok to open this bug and lift the embargo?  I would like to commit this upstream asap.

Comment 23 Tomas Hoger 2010-07-01 18:53:56 UTC
Making bug public.

Comment 24 Rich Megginson 2010-07-01 19:54:40 UTC
To ssh://git.fedorahosted.org/git/389/ds.git
   c28fcad..82625eb  Directory_Server_8_2_Branch -> Directory_Server_8_2_Branch
commit 82625ebf670c0f234e8bcbf18420e84b325e359e
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Mon Jun 14 20:25:18 2010 -0600
    Reviewed by: nkinder (Thanks!)
    Branch: Directory_Server_8_2_Branch
    Fix Description: Needed to pass &orig to ber_scanf 'a' instead of orig.  Als
    Platforms tested: RHEL5 x86_64
    Flag Day: no
    Doc impact: no
   1a47871..8632731  master -> master
commit 8632731df33fc3a91eb3cfecfb9c63d56cff23e8
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Mon Jun 14 20:25:18 2010 -0600
    Branch: HEAD

Comment 25 Tomas Hoger 2010-07-02 06:51:50 UTC
(In reply to comment #24)
> To ssh://git.fedorahosted.org/git/389/ds.git
>    c28fcad..82625eb  Directory_Server_8_2_Branch -> Directory_Server_8_2_Branch
> commit 82625ebf670c0f234e8bcbf18420e84b325e359e

http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=82625ebf67

Comment 26 Noriko Hosoi 2010-09-14 19:03:13 UTC
*** Bug 601946 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.