Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAKG8Do54HFg5=COMtYKowz+9ZJg6WK67EqeQavSNCFb_uUVssg@mail.gmail.com>
Date: Wed, 18 Jan 2017 16:22:20 +0100
From: Cedric Buissart <cbuissar@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-2591 389 Directory Server: DoS via OOB heap read in
 "attribute uniqueness" plugin

Hi,

This is to disclose the following CVE:

CVE-2017-2591 389 Directory Server: DoS via OOB heap read

Description :

The "attribute uniqueness" plugin did not properly NULL-terminate an array
when building up its configuration, if a so called 'old-style'
configuration, was being used (Using nsslapd-pluginarg<X> parameters) .

A attacker, authenticated, but possibly also unauthenticated, could
possibly force the plugin to read beyond allocated memory and trigger a
segfault.

The crash could also possibly be triggered accidentally.

Upstream patch :
https://fedorahosted.org/389/changeset/ffda694dd622b31277da07be76d3469fad86150f/
Affected versions : from 1.3.4.0

Fixed version : 1.3.6

Impact: Low
CVSS3 scoring : 3.7 -- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Upstream bug report : https://fedorahosted.org/389/ticket/48986

Best Regards,


-- 
Cedric Buissart,
Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.