[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
** Changed in: openldap (Ubuntu Precise)
     Assignee: (unassigned) => Felipe Reyes (freyes)

** Changed in: openldap (Ubuntu Trusty)
     Assignee: (unassigned) => Felipe Reyes (freyes)

** Changed in: openldap (Ubuntu Utopic)
     Assignee: (unassigned) => Felipe Reyes (freyes)

** Changed in: openldap (Ubuntu Vivid)
     Assignee: (unassigned) => Felipe Reyes (freyes)

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1446809

Title:
  [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
Marc, I tested these patches against two scenarios: 1) a single node with default configuration and phpldapadmin, 2) a two-node scenario, where one node configures a relay and translucent proxy and connects to the second one, which has a default configuration. For details of each configuration, please see the end of this message.

Is there any specific configuration that you would like me to test?

Best,

SCENARIO 1: this is a single-node configuration running a default configuration and phpldapadmin

#+BEGIN_SRC shell
sudo apt-get install -y slapd ldap-utils
sudo dpkg-reconfigure slapd
# Omit OpenLDAP server configuration? No
# DNS domain? ldap.example.com
# Organization name? example
# Administrator password? ubuntu
# Database backend to use? HDB
# Remove the database when slapd is purged? No
# Move old database? Yes
# Allow LDAPv2 protocol? No
sudo apt-get install -y phpldapadmin
sudo sed -i s/127.0.0.1/10.0.3.196/ /etc/phpldapadmin/config.php
sudo sed -i s/dc=example,dc.com/dc=ldap,dc=example,dc=com/ /etc/phpldapadmin/config.php
sudo service apache2 restart
cat << EOF > /tmp/foo.ldif
dn: ou=People,dc=ldap,dc=example,dc=com
ou: People
description: All people
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=ldap,dc=example,dc=com
ou: Group
description: All groups
objectClass: top
objectClass: organizationalUnit

dn: uid=user1,ou=People,dc=ldap,dc=example,dc=com
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}Az/RBEIomiu0c
shadowLastChange: 15192
shadowMin: 0
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/users/user1

dn: cn=user1,ou=Group,dc=ldap,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: user1
userPassword: {crypt}x
gidNumber: 1001
EOF
ldapadd -x -w ubuntu -D cn=admin,dc=ldap,dc=example,dc=com -f /tmp/foo.ldif
ldapsearch -x -w ubuntu -D cn=admin,dc=ldap,dc=example,dc=com -b dc=ldap,dc=example,dc=com | tail -n1 | egrep -e '# numEntries: 6$' || echo ERROR adding ldif
sensible-browser http://$IP/phpldapadmin # login and check entries created with phpldapadmin
#+END_SRC

SCENARIO 2: this is a two-node setup; one of the nodes configures a relay and a translucent proxy.

node 1 config:

#+BEGIN_SRC shell
echo 10.0.3.240 ldap.example.com | sudo tee -a /etc/hosts # IP of node number 2
sudo apt-get install -y slapd ldap-utils
# /etc/ldap is root-owned, so the file is written through sudo tee
cat << EOF | sudo tee /etc/ldap/slapd.conf
pidfile /var/run/slapd.pid
TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt
modulepath /usr/lib/ldap
moduleload back_hdb.la
moduleload back_relay.la
moduleload back_ldap.la
moduleload rwm.la
moduleload translucent.la
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
access to attrs=userPassword by * auth
access to * by * read
backend hdb
backend relay
database hdb
directory /var/lib/ldap
suffix dc=foo,dc=example,dc=com
rootdn cn=admin,dc=foo,dc=example,dc=com
rootpw ubuntu
index objectClass eq
database relay
suffix dc=example,dc=com
overlay rwm
rwm-suffixmassage dc=foo,dc=example,dc=com
overlay translucent
uri ldap://ldap.example.com
EOF
sudo slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
sudo chown -R openldap: /etc/ldap/slapd.d
sudo touch /var/run/slapd.pid
sudo chown openldap: /var/run/slapd.pid
sudo service slapd restart
#+END_SRC

node 2 (ldap.example.com) configuration:

#+BEGIN_SRC shell
sudo apt-get install -y slapd ldap-utils
# Omit OpenLDAP server configuration? No
# DNS domain? example.com
# Organization name? example
# Administrator password? ubuntu
# Database backend to use? HDB
# Remove the database when slapd is purged? No
# Move old database? Yes
# Allow LDAPv2 protocol? No
sudo service slapd restart
cat << EOF > /tmp/enable-debug
# config
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: 7
EOF
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /tmp/enable-debug
# create a few records
cat << EOF > /tmp/foo.ldif
dn: ou=People,dc=example,dc=com
ou: People
description: All people
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
description: All groups
objectClass: top
objectClass: organizationalUnit

dn: uid=user1,ou=People,dc=example,dc=com
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}Az/RBEIomiu0c
shadowLastChange: 15192
shadowMin: 0
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/users/user1

dn: cn=user1,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: user1
userPassword: {crypt}x
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu12.1

---
openldap (2.4.31-1+nmu2ubuntu12.1) vivid-security; urgency=medium

  * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
    - debian/patches/CVE-2013-4449.patch: fix reference counting
    - CVE-2013-4449
  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
    - CVE-2015-1545

 -- Felipe Reyes <felipe.re...@canonical.com>  Tue, 19 May 2015 12:58:25 -0300
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu11.1

---
openldap (2.4.31-1+nmu2ubuntu11.1) utopic-security; urgency=medium

  * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
    - debian/patches/CVE-2013-4449.patch: fix reference counting
    - CVE-2013-4449
  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
    - CVE-2015-1545

 -- Felipe Reyes <felipe.re...@canonical.com>  Tue, 19 May 2015 12:59:29 -0300

** Changed in: openldap (Ubuntu Utopic)
       Status: New => Fix Released

** Changed in: openldap (Ubuntu Vivid)
       Status: New => Fix Released
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu8.1

---
openldap (2.4.31-1+nmu2ubuntu8.1) trusty-security; urgency=medium

  * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
    - debian/patches/CVE-2013-4449.patch: fix reference counting
    - CVE-2013-4449
  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
    - CVE-2015-1545

 -- Felipe Reyes <felipe.re...@canonical.com>  Tue, 19 May 2015 13:00:21 -0300
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
This bug was fixed in the package openldap - 2.4.28-1.1ubuntu4.5

---
openldap (2.4.28-1.1ubuntu4.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via an LDAP search query with
    attrsOnly set to true. (LP: #1446809)
    - debian/patches/CVE-2012-1164.1.patch: don't leave empty slots in
      normalized attr values
    - debian/patches/CVE-2012-1164.2.patch: add FIXME comment, note that
      current patch is not ideal
    - debian/patches/CVE-2012-1164.3.patch: fix attr_dup2 when no values
      are present (attrsOnly = TRUE)
    - CVE-2012-1164
  * SECURITY UPDATE: fix rwm overlay reference counting
    - debian/patches/CVE-2013-4449.patch: fix reference counting
    - CVE-2013-4449
  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
    - CVE-2015-1545

 -- Felipe Reyes <felipe.re...@canonical.com>  Tue, 19 May 2015 11:53:17 -0300

** Changed in: openldap (Ubuntu Precise)
       Status: Triaged => Fix Released

** Changed in: openldap (Ubuntu Trusty)
       Status: New => Fix Released
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
ACK on the debdiffs, I've uploaded them for building. (I removed the extra patch, and changed the pocket to -security).

What testing did you perform on these?

** Also affects: openldap (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: openldap (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: openldap (Ubuntu Vivid)
   Importance: Undecided
       Status: New
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
** Summary changed:

- [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
+ [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)