A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
A flaw was found in 389-ds-base. The server can be crashed by an anonymous client through an ldapmodify command with a large DN argument, potentially causing denial of service.
*** Bug 1621942 has been marked as a duplicate of this bug. ***
Created 389-ds-base tracking bugs for this issue:
Affects: fedora-all [bug 1624198]
Since https://bugzilla.redhat.com/show_bug.cgi?id=1621942 is not accessible/restricted, could you share more information on this issue? (CVE-2018-14624). Which upstream versions are affected, and is there a fix for the issue?
Created attachment 1480666
patch for crash in vslapd_log_emergency_error
Adding patch here since it hasn't made its way upstream yet.
Doran and Sam: thank you
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:2757 https://access.redhat.com/errata/RHSA-2018:2757