Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 209677 (CVE-2008-0658) - net-nds/openldap < 2.3.41 crash, authenticated user, MODRDN operation (CVE-2008-0658)
Summary: net-nds/openldap < 2.3.41 crash, authenticated user, MODRDN operation (CVE-2...
Status: RESOLVED FIXED
Alias: CVE-2008-0658
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor
Assignee: Gentoo Security
URL: http://www.openldap.org/its/index.cgi...
Whiteboard: B3 [glsa] Falco
Keywords:
Depends on:
Blocks:
 
Reported: 2008-02-11 17:14 UTC by Raphael Marichez (Falco) (RETIRED)
Modified: 2020-04-04 12:16 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-02-11 17:14:56 UTC
Hi,

here is an openldap issue.

This new issue is related to CVE-2007-6698 but was only published 4 days ago: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358


====================================

Date: Thu, 7 Feb 2008 11:01:39 GMT
From: rhafer@suse.de
To: openldap-its@OpenLDAP.org
Subject: Modrdn operation with NOOP control crashes BDB backend

Full_Name: Ralf Haferkamp
Version: HEAD, RE23, RE24
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (89.166.185.54)


This is basically the same issue as ITS#4925. The issue is also apparent in the
MODRDN operation:

ldapmodrdn -x -h :389 -D <dn> -w <pw> -e \noop
ou=test,dc=my-domain,dc=com
ou=test2

causes the server to crash. Fix is similar to the ITS#4925 fix.

=========================================

This has been fixed the 7th.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-26 20:40:47 UTC
ldap-bugs please advise.
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-04 15:38:55 UTC
(In reply to comment #2)
> ldap-bugs please advise.
> 

*ping*
Comment 4 Markus Ullmann (RETIRED) gentoo-dev 2008-03-04 21:32:32 UTC
2.3.41 InCVS, contains the fix already.

Please do the usual FEATURES="test" and report any issues
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-03-05 00:00:15 UTC
Markus, will there also be an update to the 2.4 branch?

Arches, please test and mark stable:
=net-nds/openldap-2.3.41
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release s390 sh sparc x86"
Comment 6 Brent Baude (RETIRED) gentoo-dev 2008-03-05 02:09:43 UTC
ppc64 done
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2008-03-05 12:50:16 UTC
x86 stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2008-03-05 17:48:40 UTC
(In reply to comment #4)
> 2.3.41 InCVS, contains the fix already.
> 
> Please do the usual FEATURES="test" and report any issues

Er, that's the usual FEATURES="userpriv test" or you'll see this:

>>>>> Starting test007-replication ...
running defines.sh
Starting master slapd on TCP/IP port 9011...
Starting slave slapd on TCP/IP port 9012...
Using ldapsearch to check that master slapd is running...
Using ldapsearch to check that slave slapd is running...
Starting slurpd...
Using ldapadd to populate the master directory...
Waiting 15 seconds for slurpd to send changes...
Using ldapmodify to modify master directory...
Waiting 15 seconds for slurpd to send changes...
Stopping the slave...
Waiting 5 seconds for slave slapd to die...
Applying more changes to the master slapd...
Stopping slurpd...
Waiting 5 seconds for slurpd to die...
Applying more changes to the master slapd...
Restarting slave slapd on TCP/IP port 9012...
Using ldapsearch to check that slave slapd is running...
Restarting slurpd...
Waiting 15 seconds for slurpd to send changes...
Try updating the slave slapd...
Waiting 15 seconds for slurpd to send changes...
Using ldapsearch to read all the entries from the master...
Using ldapsearch to read all the entries from the slave...
Filtering master results...
./scripts/acfilter.sh: line 18: 23375 Hangup                  $SLURPD -f $CONF1 -d ${SLURPD_DEBUG-5} -t $DBDIR1B >> $SLURPLOG 2>&1
Filtering slave results...
Comparing retrieved entries from master and slave...
test failed - master and slave databases differ
>>>>> ./scripts/test007-replication failed (exit 1)
make[1]: *** [bdb-yes] Error 1
make[1]: Leaving directory `/dev/shm/portage/net-nds/openldap-2.3.41/work/openldap-2.3.41/tests'
make: *** [tests] Error 2
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2008-03-05 17:51:18 UTC
Oh wait, that test fails with userpriv as well. That appears to be a regression, and unfortunately the test suite bails out at that point.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2008-03-05 19:54:57 UTC
alpha/ia64/sparc stable
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-05 20:30:15 UTC
ppc stable
Comment 12 Steve Dibb (RETIRED) gentoo-dev 2008-03-07 17:22:36 UTC
amd64 stable
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-15 20:26:53 UTC
hppa/ldap-bugs: any news here wrt comment #8 and 9? 
Comment 14 Markus Ullmann (RETIRED) gentoo-dev 2008-03-18 22:33:42 UTC
I'd say it's a nonblocker as slurpd dates back to 2.2 and was only left for migration, today you should be using syncprov
it has also been dropped on 2.4 already, so no objections to still mark stable
Comment 15 Jeroen Roovers (RETIRED) gentoo-dev 2008-03-18 23:39:05 UTC
(In reply to comment #14)
> I'd say it's a nonblocker as slurpd dates back to 2.2 and was only left for
> migration, today you should be using syncprov
> it has also been dropped on 2.4 already, so no objections to still mark stable

OK, stable for HPPA.
Comment 16 Peter Volkov (RETIRED) gentoo-dev 2008-03-19 06:50:08 UTC
Fixed in release snapshot.
Comment 17 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-19 22:10:04 UTC
GLSA 200803-28
Comment 18 Walter 2008-06-28 16:18:02 UTC
Unsure if this is the same bug but it looks similar enough to me...

i just installed openldap-2.3.41 today (sync'd this afternoon) and was attempting to ldapadd some test data.

slapd crashes.

if i supply an incorrect password it stays stable, as soon as i supply the real password it crashes immediately - no syslog output, daemon gone!

# /etc/init.d/slapd restart
...
# ldapadd -x -D "cn=Manager,dc=domain,dc=com" -W -f `locate .ldif`
Enter LDAP Password: (dont enter any or enter wrong)
ldap_bind: Server is unwilling to perform (53)
        additional info: unauthenticated bind (DN with no password) disallowed
(daemon is still running)
# ldapadd -x -D "cn=Manager,dc=domain,dc=com" -W -f `locate .ldif`
Enter LDAP Password: (enter correct password)
ldap_result: Can't contact LDAP server (-1)
#

(daemon is gone)

Architecture: -march=k8 -O2 -pipe -fomit-frame-pointer
 ... AMD Athlon(tm) 64 Processor 30000+
Comment 19 Robert Buchholz (RETIRED) gentoo-dev 2008-06-29 16:05:50 UTC
Walter: Are you sure you configured the LDAP server correctly? In any case, please open a new bug for it, if you believe this to be a bug in OpenLDAP. But make sure you have your configuration right before that.