Date: Wed, 16 Oct 2013 15:49:50 -0600 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: slapd segfaults on certain queries with rwm overlay enabled The following was reported to us, but has already been reported publicly upstream. Could a CVE be assigned to it? It was discovered that OpenLDAP, with the rwm overlay to slapd, could segfault if a user were able to query the directory and immediately unbind from the server. This seems to be due to the rwm overlay not doing reference counting properly, so rwm_conn_destroy frees the session context while rwm_op_search is using it. This condition also seems to require multiple cores/CPUs to trigger. References: http://www.openldap.org/its/index.cgi/Incoming?id=7723 https://bugzilla.redhat.com/show_bug.cgi?id=1019490 This is currently not fixed upstream. -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.