Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Oct 2013 15:49:50 -0600
From: Vincent Danen <>
Subject: CVE request: slapd segfaults on certain queries with rwm overlay

The following was reported to us, but has already been reported
publicly upstream.  Could a CVE be assigned to it?

It was discovered that OpenLDAP, with the rwm overlay to slapd, could
segfault if a user were able to query the directory and immediately
unbind from the server.  This seems to be due to the rwm overlay not
doing reference counting properly, so rwm_conn_destroy frees the session
context while rwm_op_search is using it.  This condition also seems to
require multiple cores/CPUs to trigger.


This is currently not fixed upstream.

Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ