Bug 1381481 (CVE-2017-2591) - CVE-2017-2591 389-ds-base: Heap buffer overflow in uiduniq.c
Summary: CVE-2017-2591 389-ds-base: Heap buffer overflow in uiduniq.c
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-2591
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1381483
Blocks: 1381482
TreeView+ depends on / blocked
 
Reported: 2016-10-04 08:58 UTC by Adam Mariš
Modified: 2021-02-17 03:14 UTC (History)
8 users (show)

Fixed In Version: 389-ds-base 1.3.6
Clone Of:
Environment:
Last Closed: 2017-01-19 10:59:15 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2016-10-04 08:58:22 UTC 
The "attribute uniqueness" plugin did not properly NULL-terminate an array when building up its configuration, if a so called 'old-style' configuration, was being used (Using nsslapd-pluginarg<X> parameters) .

A attacker, authenticated, but possibly also unauthenticated, could possibly force the plugin to read beyond allocated memory and trigger a segfault.

The crash could also possibly be triggered accidentally.

Upstream patch :https://fedorahosted.org/389/changeset/ffda694dd622b31277da07be76d3469fad86150f/
Affected versions : from 1.3.4.0

Fixed version : 1.3.6

Upstream bug report : https://fedorahosted.org/389/ticket/48986
Comment 1 Adam Mariš 2016-10-04 09:01:26 UTC 
Created 389-ds-base tracking bugs for this issue:

Affects: fedora-all [bug 1381483]
Comment 2 Noriko Hosoi 2016-11-14 22:07:51 UTC 
Fixed in 389-ds-base-1.3.6 and newer.

Note: 389-ds-base-1.3.6 is available for F26 (current rawhide).
Comment 9 Cedric Buissart 2017-01-19 10:56:20 UTC 
Statement:

Red Hat Product Security has rated this issue as having Low security
impact, a future update may address this flaw.
Note You need to log in before you can comment on or make changes to this bug.