Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 388605 (CVE-2011-4079) - <net-nds/openldap-2.4.28-r1: one-byte buffer overflow in slapd (CVE-2011-4079)
Summary: <net-nds/openldap-2.4.28-r1: one-byte buffer overflow in slapd (CVE-2011-4079)
Status: RESOLVED FIXED
Alias: CVE-2011-4079
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [glsa]
Keywords:
: 392427 (view as bug list)
Depends on: 404555
Blocks:
  Show dependency tree
 
Reported: 2011-10-26 18:58 UTC by Sean Amoss
Modified: 2014-07-01 00:22 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sean Amoss gentoo-dev Security 2011-10-26 18:58:58 UTC
Per the Red Hat bug at $URL:

"A bug in slapd's UTF8StringNormalize() function can cause a one-byte buffer
overflow when it is passed a zero-length string.  The code then writes a '\0'
past the one-byte long buffer allocated on the heap, which could possibly allow
a remote authenticated user to crash slapd.  As per the upstream report [1],
this bug has been present since 2003-04-07 [2]...

A patch to correct the flaw has been committed [3] (depends on the previous
patch [4])."


[1] http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059
[2]
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=67d6b23d

[3]
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9
[4]
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=d0dd8616f1c68a868afeb8c2c5c09969e366e2c0
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-11-16 23:26:00 UTC
CVE-2011-4079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4079):
  Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and
  earlier allows remote attackers to cause a denial of service (slapd crash)
  via a zero-length string that triggers a heap-based buffer overflow, as
  demonstrated using an empty postalAddressAttribute value.
Comment 2 Agostino Sarubbo gentoo-dev 2011-11-29 21:03:34 UTC
Fixed in 2.4.27, from changelog:

Fixed slapd schema UTF8StringNormalize with 0 length values.

P.S. is also out 2.4.28
Comment 3 Agostino Sarubbo gentoo-dev 2011-11-29 21:04:12 UTC
*** Bug 392427 has been marked as a duplicate of this bug. ***
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-02-12 21:59:42 UTC
2.4.28 has been in-tree since 2012/02/02.
However, I was going to ask for stablereq on 2.4.28-r1 in a week if there are no problems reported (it has a LOT of other fixes in it, 15 bugs worth of old stuff).
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-02-19 20:02:49 UTC
(In reply to comment #4)
> 2.4.28 has been in-tree since 2012/02/02.
> However, I was going to ask for stablereq on 2.4.28-r1 in a week if there are
> no problems reported (it has a LOT of other fixes in it, 15 bugs worth of old
> stuff).

Robin, shall we stabilize =net-nds/openldap-2.4.28-r1 now? Thanks.
Comment 6 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-02-19 20:34:07 UTC
Just waiting for a resolution on bug 404555 regarding the automake changes in the new OpenLDAP, then we can go for stable.
Comment 7 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-02-21 01:24:27 UTC
Arches, please test and stable.
FEATURES=test should work, but if it doesn't open a bug and I'll review the output.

target keywords:
alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86
Comment 8 Agostino Sarubbo gentoo-dev 2012-02-21 16:58:11 UTC
amd64 stable
Comment 9 Jeroen Roovers gentoo-dev 2012-02-22 16:40:03 UTC
Stable for HPPA.
Comment 10 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-02-24 15:24:10 UTC
x86 stable
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2012-02-25 17:27:29 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 12 Brent Baude (RETIRED) gentoo-dev 2012-02-28 19:47:51 UTC
ppc done
Comment 13 Markus Meier gentoo-dev 2012-02-29 20:35:23 UTC
arm stable
Comment 14 Brent Baude (RETIRED) gentoo-dev 2012-03-02 21:35:11 UTC
ppc64 done
Comment 15 Tim Sammut (RETIRED) gentoo-dev 2012-03-02 22:28:49 UTC
Thanks, everyone. GLSA Vote: yes.
Comment 16 Sean Amoss gentoo-dev Security 2012-03-02 23:40:10 UTC
Vote: yes, too. Added to existing GLSA request.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2014-07-01 00:22:07 UTC
This issue was resolved and addressed in
 GLSA 201406-36 at http://security.gentoo.org/glsa/glsa-201406-36.xml
by GLSA coordinator Yury German (BlueKnight).