Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 645706 (CVE-2017-15135)

Summary: <net-nds/389-ds-base-{1.3.5.19, 1.3.6.8-r1}: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: proxy-maint, wes, wibrown
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/7078
Whiteboard: ~1 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2018-01-25 15:48:41 UTC 
CVE-2017-15135 (https://nvd.nist.gov/vuln/detail/CVE-2017-15135):
  It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did
  not always handle internal hash comparison operations correctly during the
  authentication process. A remote, unauthenticated attacker could potentially
  use this flaw to bypass the authentication process under very rare and
  specific circumstances.
Comment 2 Larry the Git Cow gentoo-dev 2018-02-05 21:50:08 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e71df7341cdaa0a4cc2aeff56496ce1724b921d2

commit e71df7341cdaa0a4cc2aeff56496ce1724b921d2
Author:     Wes Cilldhaire <wes@sol1.com.au>
AuthorDate: 2018-02-05 01:07:25 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-02-05 21:50:03 +0000

    net-nds/389-ds-base: patch against CVE-2017-15135 in 1.3.6.8.
    
    * Patch and revbump to 1.3.6.8 to address CVE-2017-15135
    * Update copyright line in all versions for 2018
    
    Bug: https://bugs.gentoo.org/645706
    
    Acked-by: wibrown@redhat.com
    Package-Manager: Portage-2.3.20, Repoman-2.3.6
    Closes: https://github.com/gentoo/gentoo/pull/7078

 net-nds/389-ds-base/389-ds-base-1.3.5.19.ebuild    |   2 +-
 ....3.6.8.ebuild => 389-ds-base-1.3.6.8-r1.ebuild} |   4 +-
 net-nds/389-ds-base/389-ds-base-9999.ebuild        |   2 +-
 ...-base-1.3.6-backport-invalid-password-mig.patch | 376 +++++++++++++++++++++
 4 files changed, 381 insertions(+), 3 deletions(-)}
Comment 3 Larry the Git Cow gentoo-dev 2018-02-05 21:52:42 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c73dc8bddc74876c7d3a177bf30e5d21ba3e808

commit 5c73dc8bddc74876c7d3a177bf30e5d21ba3e808
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2018-02-05 21:52:22 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-02-05 21:52:22 +0000

    net-nds/389-ds-base: remove vulnerable version.
    
    Bug: https://bugs.gentoo.org/645706
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-nds/389-ds-base/389-ds-base-1.3.5.19.ebuild | 124 ------------------------
 net-nds/389-ds-base/Manifest                    |   1 -
 2 files changed, 125 deletions(-)}