Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 488322 (CVE-2013-4449) - <=net-nds/openldap-2.4.36 : segfault on certain queries with rwm overlay (CVE-2013-4449)
Summary: <=net-nds/openldap-2.4.36 : segfault on certain queries with rwm overlay (CVE...
Status: RESOLVED FIXED
Alias: CVE-2013-4449
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-17 07:37 UTC by Agostino Sarubbo
Modified: 2015-05-16 09:34 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-10-17 07:37:14 UTC
From ${URL} :

It was discovered that OpenLDAP, with the rwm overlay to slapd, could segfault if a user were able to query the directory and immediately unbind from the server.  This seems to be due to the rwm overlay not doing reference counting properly, so rwm_conn_destroy frees the session context while rwm_op_search is using it.  This condition also seems to require multiple cores/CPUs to trigger.

This was also reported upstream [1] and is currently unfixed.

[1] http://www.openldap.org/its/index.cgi/Incoming?id=7723
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2014-06-30 19:20:15 UTC
Redhat issue states it was fixed and pushed in openldap-2.4.39-2

Available upstream
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-08-19 23:06:36 UTC
CVE-2013-4449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4449):
  The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly
  count references, which allows remote attackers to cause a denial of service
  (slapd crash) by unbinding immediately after a search request, which
  triggers rwm_conn_destroy to free the session context while it is being used
  by rwm_op_search.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-09-10 03:48:15 UTC
Maintainers, this security issue has been around since Feb 2014. Can we please bump to a non vulnerable version.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-10-05 19:35:26 UTC
Ping for update, do we have an ebuild with non-vulnerable version?
Comment 5 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2014-10-11 21:19:19 UTC
The CVE states the vulnerable version in <=2.4.36.

2.4.38 was added 2013/12/13, and 2.4.38-r2 is already stable on everything except s390 and sh;
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2014-10-15 02:54:10 UTC
Thank you for the update. So the only thing left is the Cleanup of 2.4.35*.

Maintainer(s), please drop the vulnerable version(s).

GLSA Vote: No
Comment 7 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-12-28 19:09:18 UTC
GLSA vote: no, too.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2014-12-29 08:18:40 UTC
Maintainer(s): Ping on cleanup!
Comment 9 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2015-05-16 06:36:53 UTC
InCVS.