Re: [Touch-packages] [Bug 1838370] [NEW] slapd segfault on filter parse error

2019-07-30 Thread Ryan Tandy
Hello, thank you for the report.

I was able to reproduce the crash locally by intentionally 
mis-configuring the rwm overlay.

Could you please provide a copy of your rwm overlay configuration? I 
would like to see what the actual parse failure was in your instance.


** Changed in: openldap (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1838370

Title:
  slapd segfault on filter parse error

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Hello!
  We have faced a slapd crash; it seems an attacker was trying to brute-force one
  of our services, and uid parsing failures caused the slapd crash:

  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH base="ou=test,dc=test,dc=com" scope=2 deref=0 filter="(&(uid=aistar123<>!n)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0"
  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap sshPublicKey
  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text=massaged filter parse error
  Jul 26 18:59:47 kernel: [ 9441.554161] slapd[2367]: segfault at 18 ip 7fc8d18ec512 sp 7fc8889e2810 error 4 in libc-2.23.so [7fc8d1868000+1c]

  Another faulty filter example:
  filter="(&(uid=sql<>?)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0"
  filter="(&(uid=fugeone<>?123)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0"

  $ lsb_release -rd
  Description: Ubuntu 16.04.5 LTS
  Release: 16.04

  $ slapd -VVV
  @(#) $OpenLDAP: slapd  (Ubuntu) (May 22 2018 13:54:12) $
  buildd@lcy01-amd64-019:/build/openldap-t_Ta0O/openldap-2.4.42+dfsg/debian/build/servers/slapd

  Included static backends:
  config
  ldif

  $ apt-cache policy slapd
  slapd:
    Installed: 2.4.42+dfsg-2ubuntu3.3
    Candidate: 2.4.42+dfsg-2ubuntu3.5
    Version table:
       2.4.42+dfsg-2ubuntu3.5 500
          500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
   *** 2.4.42+dfsg-2ubuntu3.3 100
          100 /var/lib/dpkg/status
       2.4.42+dfsg-2ubuntu3.2 500
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
       2.4.42+dfsg-2ubuntu3 500
          500 http://nl.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

   affects ubuntu/openldap

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1838370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838370] [NEW] slapd segfault on filter parse error

2019-07-30 Thread Kseniya Blashchuk
Public bug reported:

Hello!
We have faced a slapd crash; it seems an attacker was trying to brute-force one
of our services, and uid parsing failures caused the slapd crash:

Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH base="ou=test,dc=test,dc=com" scope=2 deref=0 filter="(&(uid=aistar123<>!n)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0"
Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap sshPublicKey
Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text=massaged filter parse error
Jul 26 18:59:47 kernel: [ 9441.554161] slapd[2367]: segfault at 18 ip 7fc8d18ec512 sp 7fc8889e2810 error 4 in libc-2.23.so [7fc8d1868000+1c]

Another faulty filter example:
filter="(&(uid=sql<>?)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0"
filter="(&(uid=fugeone<>?123)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0"

$ lsb_release -rd
Description: Ubuntu 16.04.5 LTS
Release: 16.04

$ slapd -VVV
@(#) $OpenLDAP: slapd  (Ubuntu) (May 22 2018 13:54:12) $
buildd@lcy01-amd64-019:/build/openldap-t_Ta0O/openldap-2.4.42+dfsg/debian/build/servers/slapd

Included static backends:
config
ldif

$ apt-cache policy slapd
slapd:
  Installed: 2.4.42+dfsg-2ubuntu3.3
  Candidate: 2.4.42+dfsg-2ubuntu3.5
  Version table:
     2.4.42+dfsg-2ubuntu3.5 500
        500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
 *** 2.4.42+dfsg-2ubuntu3.3 100
        100 /var/lib/dpkg/status
     2.4.42+dfsg-2ubuntu3.2 500
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
     2.4.42+dfsg-2ubuntu3 500
        500 http://nl.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

 affects ubuntu/openldap

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New

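
A log-triage sketch for the pattern in the report above, as an added example that is not part of the original messages or of OpenLDAP: it pairs each "massaged filter parse error" result with the filter from the matching SRCH line and records whether a kernel segfault line for slapd follows. The function name and the conn=1467 lines are constructed; the other sample lines are the report's log records rejoined onto single lines, with the attr list shortened.

```python
import re

# Sample input: the report's log records rejoined onto single lines (attr list
# shortened), plus two constructed conn=1467 lines showing an ordinary search
# that must not be flagged.
SAMPLE_LOG = """\
Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH base="ou=test,dc=test,dc=com" scope=2 deref=0 filter="(&(uid=aistar123<>!n)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0"
Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH attr=objectClass uid userPassword
Jul 26 18:59:47 slapd[1252]: conn=1467 op=2 SRCH base="ou=test,dc=test,dc=com" scope=2 deref=0 filter="(uid=alice)"
Jul 26 18:59:47 slapd[1252]: conn=1467 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text=massaged filter parse error
Jul 26 18:59:47 kernel: [ 9441.554161] slapd[2367]: segfault at 18 ip 7fc8d18ec512 sp 7fc8889e2810 error 4 in libc-2.23.so [7fc8d1868000+1c]
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="[^"]*".* filter="(.*)"$')
PARSE_ERR = re.compile(
    r'conn=(\d+) op=(\d+) SEARCH RESULT .*text=massaged filter parse error')
# The kernel line carries a thread id, not the slapd pid seen in syslog, so the
# crash is correlated by ordering rather than by process id.
SEGV = re.compile(r'kernel: .*\bslapd\[\d+\]: segfault at')


def find_rwm_parse_failures(lines):
    """Return one record per 'massaged filter parse error' search result."""
    filters = {}  # (conn, op) -> filter string taken from the SRCH line
    events = []
    for line in lines:
        line = line.rstrip("\n")
        if m := SRCH.search(line):
            filters[(m[1], m[2])] = m[3]
        elif m := PARSE_ERR.search(line):
            events.append({
                "conn": int(m[1]),
                "op": int(m[2]),
                "filter": filters.get((m[1], m[2])),
                "segfault_followed": False,
            })
        elif SEGV.search(line) and events:
            # Heuristic: attribute the crash to the most recent parse failure.
            events[-1]["segfault_followed"] = True
    return events


if __name__ == "__main__":
    for event in find_rwm_parse_failures(SAMPLE_LOG.splitlines()):
        print(event)
```
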