Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Oct 2013 15:49:50 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: slapd segfaults on certain queries with rwm overlay
 enabled

The following was reported to us, but has already been reported
publicly upstream.  Could a CVE be assigned to it?

It was discovered that OpenLDAP, with the rwm overlay to slapd, could
segfault if a user were able to query the directory and immediately
unbind from the server.  This seems to be due to the rwm overlay not
doing reference counting properly, so rwm_conn_destroy frees the session
context while rwm_op_search is using it.  This condition also seems to
require multiple cores/CPUs to trigger.


References:

http://www.openldap.org/its/index.cgi/Incoming?id=7723
https://bugzilla.redhat.com/show_bug.cgi?id=1019490

This is currently not fixed upstream.

-- 
Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.