645706 – (CVE-2017-15135) <net-nds/389-ds-base-{1.3.5.19, 1.3.6.8-r1}: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c

Bug 645706 (CVE-2017-15135) - <net-nds/389-ds-base-{1.3.5.19, 1.3.6.8-r1}: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c

Summary: <net-nds/389-ds-base-{1.3.5.19, 1.3.6.8-r1}: Authentication bypass due to lac...

Status:	RESOLVED FIXED

Alias:	CVE-2017-15135

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~1 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2018-01-25 15:48 UTC by GLSAMaker/CVETool Bot
Modified:	2018-02-06 01:41 UTC (History)
CC List:	3 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/7078
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2018-01-25 15:48:41 UTC

CVE-2017-15135 (https://nvd.nist.gov/vuln/detail/CVE-2017-15135):
  It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did
  not always handle internal hash comparison operations correctly during the
  authentication process. A remote, unauthenticated attacker could potentially
  use this flaw to bypass the authentication process under very rare and
  specific circumstances.

Comment 1 Wes 2018-02-05 00:57:17 UTC

https://github.com/gentoo/gentoo/pull/7078

Comment 2 Larry the Git Cow gentoo-dev

2018-02-05 21:50:08 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e71df7341cdaa0a4cc2aeff56496ce1724b921d2

commit e71df7341cdaa0a4cc2aeff56496ce1724b921d2
Author:     Wes Cilldhaire <wes@sol1.com.au>
AuthorDate: 2018-02-05 01:07:25 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-02-05 21:50:03 +0000

    net-nds/389-ds-base: patch against CVE-2017-15135 in 1.3.6.8.
    
    * Patch and revbump to 1.3.6.8 to address CVE-2017-15135
    * Update copyright line in all versions for 2018
    
    Bug: https://bugs.gentoo.org/645706
    
    Acked-by: wibrown@redhat.com
    Package-Manager: Portage-2.3.20, Repoman-2.3.6
    Closes: https://github.com/gentoo/gentoo/pull/7078

 net-nds/389-ds-base/389-ds-base-1.3.5.19.ebuild    |   2 +-
 ....3.6.8.ebuild => 389-ds-base-1.3.6.8-r1.ebuild} |   4 +-
 net-nds/389-ds-base/389-ds-base-9999.ebuild        |   2 +-
 ...-base-1.3.6-backport-invalid-password-mig.patch | 376 +++++++++++++++++++++
 4 files changed, 381 insertions(+), 3 deletions(-)}

Comment 3 Larry the Git Cow gentoo-dev

2018-02-05 21:52:42 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c73dc8bddc74876c7d3a177bf30e5d21ba3e808

commit 5c73dc8bddc74876c7d3a177bf30e5d21ba3e808
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2018-02-05 21:52:22 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-02-05 21:52:22 +0000

    net-nds/389-ds-base: remove vulnerable version.
    
    Bug: https://bugs.gentoo.org/645706
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-nds/389-ds-base/389-ds-base-1.3.5.19.ebuild | 124 ------------------------
 net-nds/389-ds-base/Manifest                    |   1 -
 2 files changed, 125 deletions(-)}