Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Oct 2013 15:49:50 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: slapd segfaults on certain queries with rwm overlay
 enabled

The following was reported to us, but has already been reported
publicly upstream.  Could a CVE be assigned to it?

It was discovered that OpenLDAP, with the rwm overlay to slapd, could
segfault if a user were able to query the directory and immediately
unbind from the server.  This seems to be due to the rwm overlay not
doing reference counting properly, so rwm_conn_destroy frees the session
context while rwm_op_search is using it.  This condition also seems to
require multiple cores/CPUs to trigger.


References:

http://www.openldap.org/its/index.cgi/Incoming?id=7723
https://bugzilla.redhat.com/show_bug.cgi?id=1019490

This is currently not fixed upstream.

-- 
Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ