Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 21 Nov 2013 08:15:07 -0700
From: Vincent Danen <>
Subject: 389-ds DoS due to improper handling of ger attr searches

A flaw in how 389-ds-base and Red Hat Directory Server handled the
checking of access rights on entries using GER (Get Effective Rights), a
way to extend directory searches to also display what access rights a
user has to a specified entry.  When an attribute list is given in the
search request, and if there are several attributes whose names contain
the '@' character, 389-ds-base and Red Hat Directory Server would crash.
An attacker able to contact the server would be able to submit this type
of search request with no authentication required.

(Obviously no CVE is required, posting here as this was previously sent
to the distros@ mailing list)

Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.