Bug 787014 (CVE-2012-0833) - CVE-2012-0833 389: denial of service when using certificate groups
Summary: CVE-2012-0833 389: denial of service when using certificate groups
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-0833
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 781519 890944
Blocks: 784298 790261
Reported: 2012-02-02 22:03 UTC by Vincent Danen
Modified: 2023-05-12 22:09 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
see https://bugzilla.redhat.com/show_bug.cgi?id=781519
Clone Of:
Clones: 890944
Environment:
Last Closed: 2015-08-22 06:24:40 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0813 0 normal SHIPPED_LIVE Low: 389-ds-base security, bug fix, and enhancement update 2012-06-19 19:29:15 UTC
Red Hat Product Errata RHSA-2013:0549 0 normal SHIPPED_LIVE Low: Red Hat Directory Server security and bug fix update 2013-02-22 00:00:06 UTC

Description Vincent Danen 2012-02-02 22:03:00 UTC
A flaw was found [1] in the way 389 handled certificate groups with authentication. If a 389 server were configured to use certificate groups, and had an aci that included a certificate group, it would be possible for a remote, authenticated user to cause 389 to enter an infinite loop and consume all available CPU, causing it to stop responding to further requests.

This has been resolved in upstream git [2].

[1] https://fedorahosted.org/389/ticket/162
[2] https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base

Comment 3 Kurt Seifried 2012-02-03 08:51:57 UTC
Corrected CVE typo

Comment 7 Murray McAllister 2012-06-15 12:08:10 UTC
Acknowledgements:

Red Hat would like to thank Graham Leggett for reporting this issue.

Comment 8 errata-xmlrpc 2012-06-20 07:13:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0813 https://rhn.redhat.com/errata/RHSA-2012-0813.html

Comment 10 Vincent Danen 2013-02-21 16:14:15 UTC
Statement:

(none)

Comment 11 errata-xmlrpc 2013-02-21 19:04:19 UTC
This issue has been addressed in the following products:

  Red Hat Directory Server 8 for RHEL 5

Via RHSA-2013:0549 https://rhn.redhat.com/errata/RHSA-2013-0549.html

