[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#3642) back-dnssrv may cause assertion to fail
As potential DoS attacks are not considered "major security"
issues, I now make this report public.
Kurt
At 01:00 PM 4/8/2005, ando@sys-net.it wrote:
>Full_Name: Pierangelo Masarati
>Version: HEAD/2.3/2.2
>OS: Linux (whitebox)
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (81.72.89.40)
>
>
>Note: I've marked this as a security issue because it can potentially cause a
>denial of service for those that use DNSSRV. A quick fix is to disable the
>service; a cleaner solution consists in applying the simple fix I'm indicating
>below.
>
>A sr_ref is not cleared after sending a referral; this for instance may cause
>and assert() to fail in slapd, with subsequent abort(). The problem doesn't
>appear with searches, but may appear with other operations, like compare.
>
>Moreover, multiple results are being returned, because dnssrv_back_referrals()
>is returning 0 (success) instead of 10 (referral) after correctly processing the
>referral. This is also occurring with searches.
>
>A fix is in HEAD:
>
>i.e. back-dnssrv/referral.c 1.20 -> 1.22
>
>the very same fix can be applied to 2.2 and 2.3.
>
>p.