[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-29 Thread Felipe Reyes
** Changed in: openldap (Ubuntu Precise)
     Assignee: (unassigned) => Felipe Reyes (freyes)

** Changed in: openldap (Ubuntu Trusty)
     Assignee: (unassigned) => Felipe Reyes (freyes)

** Changed in: openldap (Ubuntu Utopic)
     Assignee: (unassigned) => Felipe Reyes (freyes)

** Changed in: openldap (Ubuntu Vivid)
     Assignee: (unassigned) => Felipe Reyes (freyes)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1446809

Title:
  [SRU] denial of service via an LDAP search query (CVE-2012-1164,
  CVE-2013-4449, CVE-2015-1545)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-26 Thread Felipe Reyes
Marc,

I tested these patches against two scenarios: 1) a single node with
the default configuration and phpldapadmin, 2) a two-node scenario, where
one node configures a relay and translucent proxy and connects to the
second one, which has a default configuration. For details of each
configuration, please see the end.

Is there any specific configuration that you would like me to test?

Best,

SCENARIO 1: this is a single-node configuration running a default
configuration and phpldapadmin

#+BEGIN_SRC shell
sudo apt-get install -y slapd ldap-utils
sudo dpkg-reconfigure slapd
# Omit OpenLDAP server configuration? No
# DNS domain? ldap.example.com
# Organization name? example
# Administrator password? ubuntu
# Database backend to use? HDB
# Remove the database when slapd is purged? No
# Move old database? Yes
# Allow LDAPv2 protocol? No
sudo apt-get install -y phpldapadmin
sudo sed -i s/127.0.0.1/10.0.3.196/ /etc/phpldapadmin/config.php
sudo sed -i s/dc=example,dc.com/dc=ldap,dc=example,dc=com/ /etc/phpldapadmin/config.php
sudo service apache2 restart
cat <<EOF > /tmp/foo.ldif
dn: ou=People,dc=ldap,dc=example,dc=com
ou: People
description: All people
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=ldap,dc=example,dc=com
ou: Group
description: All groups
objectClass: top
objectClass: organizationalUnit

dn: uid=user1,ou=People,dc=ldap,dc=example,dc=com
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}Az/RBEIomiu0c
shadowLastChange: 15192
shadowMin: 0
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/users/user1

dn: cn=user1,ou=Group,dc=ldap,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: user1 
userPassword: {crypt}x
gidNumber: 1001
EOF
ldapadd -x -w ubuntu -D cn=admin,dc=ldap,dc=example,dc=com -f /tmp/foo.ldif
# the search must return exactly 6 entries, otherwise the import failed
ldapsearch -x -w ubuntu -D cn=admin,dc=ldap,dc=example,dc=com -b dc=ldap,dc=example,dc=com | tail -n1 | egrep -e '# numEntries: 6$' || echo ERROR adding ldif

sensible-browser http://$IP/phpldapadmin
# login and check entries created with phpldapadmin
#+END_SRC

SCENARIO 2: this is a 2-node setup, one of the nodes configures a relay and a
translucent proxy.

node 1 config:

#+BEGIN_SRC shell
echo 10.0.3.240  ldap.example.com | sudo tee -a /etc/hosts  # IP of node number 2
sudo apt-get install -y slapd ldap-utils
# /etc/ldap is root-owned, so write the file through sudo tee
cat <<EOF | sudo tee /etc/ldap/slapd.conf > /dev/null
pidfile   /var/run/slapd.pid
TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt
modulepath /usr/lib/ldap
moduleload back_hdb.la
moduleload back_relay.la
moduleload back_ldap.la
moduleload rwm.la
moduleload translucent.la
include   /etc/ldap/schema/core.schema
include   /etc/ldap/schema/misc.schema
include   /etc/ldap/schema/cosine.schema
include   /etc/ldap/schema/nis.schema
include   /etc/ldap/schema/inetorgperson.schema
include   /etc/ldap/schema/openldap.schema
access to attrs=userPassword by * auth
access to * by * read

backend   hdb
backend   relay

database  hdb
directory /var/lib/ldap
suffix    dc=foo,dc=example,dc=com
rootdn    cn=admin,dc=foo,dc=example,dc=com
rootpw    ubuntu
index     objectClass eq

database  relay
suffix    dc=example,dc=com
overlay   rwm
rwm-suffixmassage dc=foo,dc=example,dc=com
overlay   translucent
uri       ldap://ldap.example.com
EOF
sudo slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
sudo chown -R openldap: /etc/ldap/slapd.d
sudo touch /var/run/slapd.pid
sudo chown openldap: /var/run/slapd.pid
sudo service slapd restart
#+END_SRC

node 2 (ldap.example.com) configuration:

#+BEGIN_SRC shell
sudo apt-get install -y slapd ldap-utils
# Omit OpenLDAP server configuration? No
# DNS domain? example.com
# Organization name? example
# Administrator password? ubuntu
# Database backend to use? HDB
# Remove the database when slapd is purged? No
# Move old database? Yes
# Allow LDAPv2 protocol? No
sudo service slapd restart

cat <<EOF > /tmp/enable-debug
# config
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: 7
EOF
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /tmp/enable-debug
# create a few records
cat <<EOF > /tmp/foo.ldif
dn: ou=People,dc=example,dc=com
ou: People
description: All people
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
description: All groups
objectClass: top
objectClass: organizationalUnit

dn: uid=user1,ou=People,dc=example,dc=com
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}Az/RBEIomiu0c
shadowLastChange: 15192
shadowMin: 0
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/users/user1

dn: cn=user1,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: user1
userPassword: {crypt}x
gidNumber: 1001
EOF
#+END_SRC

[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-26 Thread Launchpad Bug Tracker
This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu12.1

---
openldap (2.4.31-1+nmu2ubuntu12.1) vivid-security; urgency=medium

  * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
    - debian/patches/CVE-2013-4449.patch: fix reference counting
    - CVE-2013-4449
  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
    - CVE-2015-1545

 -- Felipe Reyes <felipe.re...@canonical.com>  Tue, 19 May 2015 12:58:25 -0300



[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-26 Thread Launchpad Bug Tracker
This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu11.1

---
openldap (2.4.31-1+nmu2ubuntu11.1) utopic-security; urgency=medium

  * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
    - debian/patches/CVE-2013-4449.patch: fix reference counting
    - CVE-2013-4449
  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
    - CVE-2015-1545

 -- Felipe Reyes <felipe.re...@canonical.com>  Tue, 19 May 2015 12:59:29 -0300

** Changed in: openldap (Ubuntu Utopic)
       Status: New => Fix Released

** Changed in: openldap (Ubuntu Vivid)
       Status: New => Fix Released



[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-26 Thread Launchpad Bug Tracker
This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu8.1

---
openldap (2.4.31-1+nmu2ubuntu8.1) trusty-security; urgency=medium

  * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
    - debian/patches/CVE-2013-4449.patch: fix reference counting
    - CVE-2013-4449
  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
    - CVE-2015-1545

 -- Felipe Reyes <felipe.re...@canonical.com>  Tue, 19 May 2015 13:00:21 -0300



[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-26 Thread Launchpad Bug Tracker
This bug was fixed in the package openldap - 2.4.28-1.1ubuntu4.5

---
openldap (2.4.28-1.1ubuntu4.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via an LDAP search query
    with attrsOnly set to true. (LP: #1446809)
    - debian/patches/CVE-2012-1164.1.patch: don't leave empty slots in
      normalized attr values
    - debian/patches/CVE-2012-1164.2.patch: add FIXME comment, note that
      current patch is not ideal
    - debian/patches/CVE-2012-1164.3.patch: fix attr_dup2 when no values are
      present (attrsOnly = TRUE)
    - CVE-2012-1164
  * SECURITY UPDATE: fix rwm overlay reference counting
    - debian/patches/CVE-2013-4449.patch: fix reference counting
    - CVE-2013-4449
  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
    - CVE-2015-1545

 -- Felipe Reyes <felipe.re...@canonical.com>  Tue, 19 May 2015 11:53:17 -0300

** Changed in: openldap (Ubuntu Precise)
       Status: Triaged => Fix Released

** Changed in: openldap (Ubuntu Trusty)
       Status: New => Fix Released


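The four changelog entries in this thread give a fixed openldap build per Ubuntu release, which is enough to audit a package inventory from any workstation. The following is an added example, not part of the bug thread or of Ubuntu's tooling: it implements Debian version ordering in Python and flags hosts whose slapd is older than the fixed build. The hostnames and the pre-fix versions in `SAMPLE` are constructed for illustration.

```python
import re

# Fixed builds and CVE lists as given in the changelog entries of this thread.
_BOTH = ("CVE-2013-4449", "CVE-2015-1545")
FIXED = {
    "precise": ("2.4.28-1.1ubuntu4.5", ("CVE-2012-1164",) + _BOTH),
    "trusty": ("2.4.31-1+nmu2ubuntu8.1", _BOTH),
    "utopic": ("2.4.31-1+nmu2ubuntu11.1", _BOTH),
    "vivid": ("2.4.31-1+nmu2ubuntu12.1", _BOTH),
}

def _order(ch):
    # dpkg ordering: '~' < end-of-string (0) < letters < other symbols.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Alternate between a non-digit run (compared by _order) and a digit run.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            ca = _order(na[i]) if i < len(na) else 0
            cb = _order(nb[i]) if i < len(nb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(a, b):  # [epoch:]upstream[-revision], compared field by field
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, rev = rest.rpartition("-")
        return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    # inventory: (host, release, slapd version); returns hosts below the fix.
    return [(host, FIXED[rel][1]) for host, rel, ver in inventory
            if deb_cmp(ver, FIXED[rel][0]) < 0]

# Constructed inventory: hostnames and the pre-fix versions are made up.
SAMPLE = [("ldap1", "precise", "2.4.28-1.1ubuntu4.4"),
          ("ldap2", "trusty", "2.4.31-1+nmu2ubuntu8.1"),
          ("ldap3", "vivid", "2.4.31-1+nmu2ubuntu12")]
```

A plain string comparison would rank `ubuntu11.1` below `ubuntu8.1`; the digit runs have to be compared as integers, which is what `_cmp_part` does.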

[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-25 Thread Marc Deslauriers
ACK on the debdiffs, I've uploaded them for building. (I removed the
extra patch, and changed the pocket to -security).

What testing did you perform on these?

** Also affects: openldap (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: openldap (Ubuntu Utopic)
   Importance: Undecided
   Status: New

** Also affects: openldap (Ubuntu Vivid)
   Importance: Undecided
   Status: New



[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-19 Thread Felipe Reyes
** Summary changed:

- [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
+ [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
