slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. This represents a minor security issue; additional factors are needed to make it exploitable.

References: http://www.openldap.org/its/index.cgi?findid=8703
Created openldap tracking bugs for this issue: Affects: fedora-all [bug 1488752]
As per upstream: "If I understood you correctly, 'Additional factors are needed' basically means you have to find a code execution vulnerability in slapd? At that point I think you can do much more interesting things - pretending that your user is uid 0, or in various admin groups are only the first ideas that come to mind."

The above basically implies that this bug can be used only when additional major flaws are found in the slapd binary like the ones caused by heap-based buffer overflows etc. Based on this argument, Red Hat Product Security does not consider this to be a security flaw.
Statement: As per upstream this bug can be used only when additional major flaws are found in the slapd binary like the ones caused by heap-based buffer overflows etc. Based on this argument, Red Hat Product Security does not consider this to be a security flaw.
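
The description above concerns a root script running "kill `cat /pathname`" on a PID file that a non-root account can modify. As an added example (not code from this report, from upstream, or from openldap-initscript), a stop routine can check what the PID file points at before signalling it; the function names and the expected process name and UID arguments are assumptions.

```shell
#!/bin/sh
# Added example: validate a PID file before a root script signals its PID.
# Function names and argument layout are assumptions, not openldap-initscript code.

# proc_field PID comm|uid -> print the process name or real UID of a live process.
proc_field() {
    case "$2" in
        comm) if [ -r "/proc/$1/comm" ]; then cat "/proc/$1/comm"
              else ps -o comm= -p "$1" | sed 's|.*/||'; fi ;;
        uid)  if [ -r "/proc/$1/status" ]; then
                  awk '/^Uid:/ {print $2; exit}' "/proc/$1/status"
              else ps -o uid= -p "$1" | tr -d ' '; fi ;;
        *)    return 1 ;;
    esac
}

# verified_pid PIDFILE EXPECTED_COMM EXPECTED_UID
# Prints the PID and returns 0 only if the file is a regular file (not a
# symlink) holding exactly one decimal PID greater than 1, and that PID is a
# process with the expected name running as the expected service UID.
verified_pid() {
    pidfile=$1 want_comm=$2 want_uid=$3
    [ -n "$want_comm" ] && [ -n "$want_uid" ] || return 1
    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 1
    pid=$(cat "$pidfile") || return 1
    case "$pid" in
        ''|0*|*[!0-9]*) return 1 ;;      # empty, leading zero, or any non-digit
    esac
    [ "${#pid}" -le 10 ] && [ "$pid" -gt 1 ] || return 1
    [ "$(proc_field "$pid" comm 2>/dev/null)" = "$want_comm" ] || return 1
    [ "$(proc_field "$pid" uid 2>/dev/null)" = "$want_uid" ] || return 1
    printf '%s\n' "$pid"
}

# safe_stop PIDFILE EXPECTED_COMM EXPECTED_UID -> send TERM only to a verified PID.
safe_stop() {
    target=$(verified_pid "$@") || {
        echo "refusing to signal: $1 failed PID file checks" >&2
        return 1
    }
    kill -TERM "$target"
}
```

A window remains between the check and the `kill`, so this narrows what a modified PID file can reach rather than closing the race entirely.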