Bug 604783 (CVE-2010-2222) - CVE-2010-2222 redhat-ds/389: null deref in _ger_parse_control() for subjectdn can crash server
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2010-2222
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 603942
Blocks: 1248117
Reported: 2010-06-16 17:59 UTC by Vincent Danen
Modified: 2019-09-29 12:36 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-22 10:49:21 UTC


Attachments
patch to correct the flaw (1.79 KB, patch)
2010-06-16 18:06 UTC, Vincent Danen

Description Vincent Danen 2010-06-16 17:59:32 UTC
A vulnerability in Red Hat Directory Server and the 389 Directory Server was discovered.  The code that parses the GER request (_ger_parse_control()) can dereference a NULL pointer.  An unauthenticated user able to communicate with the Directory Server could use a crafted search query that would cause the Directory Server to crash.

This issue has been assigned the name CVE-2010-2222.

Comment 2 Vincent Danen 2010-06-16 18:06:12 UTC
Created attachment 424540
patch to correct the flaw

Comment 3 Tomas Hoger 2010-07-01 18:56:24 UTC
Lifting embargo.

This bug was only introduced recently in the following commit:
http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=78c50664d6#patch10

Therefore, this issue did not affect any released version of Red Hat Directory Server.

Comment 4 Tomas Hoger 2010-07-02 06:52:20 UTC
(In reply to comment #2)
> Created an attachment (id=424540)
> patch to correct the flaw

Committed to git:
http://git.fedorahosted.org/git/?p=389/ds.git;a=commitdiff;h=82625ebf67

