Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 680121 - (CVE-2011-1067) CVE-2011-1067 Directory Server: DoS via Simple Paged Results connections
CVE-2011-1067 Directory Server: DoS via Simple Paged Results connections
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
public=20110110,reported=20110223,sou...
: Security
Depends On: 668619 711513
Blocks:
  Show dependency treegraph
 
Reported: 2011-02-24 07:37 EST by Jan Lieskovsky
Modified: 2011-06-07 13:21 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-04-19 12:58:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jan Lieskovsky 2011-02-24 07:37:36 EST 
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1067 to
the following vulnerability:

slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not
properly manage the c_timelimit field of the connection table element,
which allows remote attackers to cause a denial of service (daemon
outage) via Simple Paged Results connections, as demonstrated by using
multiple processes to replay TCP sessions, a different vulnerability
than CVE-2011-0019.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1067
[2] http://directory.fedoraproject.org/wiki/Release_Notes
[3] https://bugzilla.redhat.com/show_bug.cgi?id=668619
Comment 1 Tomas Hoger 2011-04-19 05:53:47 EDT 
Relevant git commit:
http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=68d53e3

Rich, Noriko, did this affect RH Directory Server 8?
Comment 2 Rich Megginson 2011-04-19 09:17:42 EDT 
(In reply to comment #1)
> Relevant git commit:
> http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=68d53e3
> 
> Rich, Noriko, did this affect RH Directory Server 8?

Yes, and we released an errata to fix this in rhds 8.2
Comment 3 Tomas Hoger 2011-04-19 10:47:53 EDT 
(In reply to comment #2)
> > Rich, Noriko, did this affect RH Directory Server 8?
> 
> Yes, and we released an errata to fix this in rhds 8.2

I don't see the patch linked in comment #1 applied in the latest 8.2.4 packages from RHSA-2011:0293.  Part of it is not even applicable (there's no pagedresults_cleanup function).
Comment 4 Noriko Hosoi 2011-04-19 12:26:01 EDT 
(In reply to comment #3)
> 
> I don't see the patch linked in comment #1 applied in the latest 8.2.4 packages
> from RHSA-2011:0293.  Part of it is not even applicable (there's no
> pagedresults_cleanup function).

Right.  This "Bug 668619 - slapd stops responding" was introduced by a preceding fix for 'Bug 567282 - server can not abandon searchRequest of "simple paged results"', which is not included in RHDS8.2.  Thus, 8.2 does not have this issue.
Comment 5 Tomas Hoger 2011-04-19 12:58:57 EDT 
Thank you, Noriko!

Statement:

Not vulnerable. This issue did not affect Red Hat Directory Server 8 packages.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.