[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6163) back-sql DoS when searching for empty attr

To: openldap-its@OpenLDAP.org
Subject: (ITS#6163) back-sql DoS when searching for empty attr
From: karavelov@spnet.net
Date: Mon, 8 Jun 2009 19:12:08 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Luben Karavelov
Version: 2.4.11-15
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (78.83.96.32)


We use ldap for some user accounts authentication here and we have found that
queries of this kind :

ldapsearch -b "dc=users,dc=example,dc=com"
"(&(objectClass=posixAccount)(uid=))"

kill slapd. It exits on assert( 0 ) at line 1366 of back-sql/search.c

It is even nastier because it could be remotely triggered with 

ssh -l "" server-with-ldap-accounts-in-nss.example.com

or through ftp using the same technique.

Prev by Date: Re: (ITS#6151) Update cosine.schema to RFC 4524
Next by Date: (ITS#6164) send_ldap_ber() spins holding c_write1_mutex
Index(es):
- Chronological
- Thread