Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1067 to the following vulnerability:

slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1067
[2] http://directory.fedoraproject.org/wiki/Release_Notes
[3] https://bugzilla.redhat.com/show_bug.cgi?id=668619
Relevant git commit:
http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=68d53e3

Rich, Noriko, did this affect RH Directory Server 8?
(In reply to comment #1)
> Relevant git commit:
> http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=68d53e3
>
> Rich, Noriko, did this affect RH Directory Server 8?

Yes, and we released an errata to fix this in rhds 8.2
(In reply to comment #2)
> > Rich, Noriko, did this affect RH Directory Server 8?
>
> Yes, and we released an errata to fix this in rhds 8.2

I don't see the patch linked in comment #1 applied in the latest 8.2.4 packages from RHSA-2011:0293. Part of it is not even applicable (there's no pagedresults_cleanup function).
(In reply to comment #3)
> I don't see the patch linked in comment #1 applied in the latest 8.2.4 packages
> from RHSA-2011:0293. Part of it is not even applicable (there's no
> pagedresults_cleanup function).

Right. This "Bug 668619 - slapd stops responding" was introduced by a preceding fix for 'Bug 567282 - server can not abandon searchRequest of "simple paged results"', which is not included in RHDS8.2. Thus, 8.2 does not have this issue.
Thank you, Noriko!

Statement:

Not vulnerable. This issue did not affect Red Hat Directory Server 8 packages.