Bug 787014 (CVE-2012-0833) - CVE-2012-0833 389: denial of service when using certificate groups
Summary: CVE-2012-0833 389: denial of service when using certificate groups
Alias: CVE-2012-0833
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 781519 890944
Blocks: 784298 790261
TreeView+ depends on / blocked
Reported: 2012-02-02 22:03 UTC by Vincent Danen
Modified: 2023-05-12 22:09 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
see https://bugzilla.redhat.com/show_bug.cgi?id=781519
Clone Of:
: 890944 (view as bug list)
Last Closed: 2015-08-22 06:24:40 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0813 0 normal SHIPPED_LIVE Low: 389-ds-base security, bug fix, and enhancement update 2012-06-19 19:29:15 UTC
Red Hat Product Errata RHSA-2013:0549 0 normal SHIPPED_LIVE Low: Red Hat Directory Server security and bug fix update 2013-02-22 00:00:06 UTC

Description Vincent Danen 2012-02-02 22:03:00 UTC
A flaw was found [1] in the way 389 handled certificate groups with authentication.  If a 389 server were configured to use certificate groups, and had an aci that included a certificate group, it would be possible a remote, authenticated user to cause 389 to enter an infinite loop and consume all available CPU, causing it to stop responding to further requests.

This has been resolved in upstream git [2].

[1] https://fedorahosted.org/389/ticket/162
[2] https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base

Comment 3 Kurt Seifried 2012-02-03 08:51:57 UTC
Corrected CVE typo

Comment 7 Murray McAllister 2012-06-15 12:08:10 UTC

Red Hat would like to thank Graham Leggett for reporting this issue.

Comment 8 errata-xmlrpc 2012-06-20 07:13:12 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0813 https://rhn.redhat.com/errata/RHSA-2012-0813.html

Comment 10 Vincent Danen 2013-02-21 16:14:15 UTC


Comment 11 errata-xmlrpc 2013-02-21 19:04:19 UTC
This issue has been addressed in following products:

  Red Hat Directory Server 8 for RHEL 5

Via RHSA-2013:0549 https://rhn.redhat.com/errata/RHSA-2013-0549.html

Note You need to log in before you can comment on or make changes to this bug.