Full_Name: duffy lasker
Version: slapd version 2.4.40
OS: CentOS 7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (184.96.44.7)

Security scans for kernel segmentation testing cause the slapd service to enter failed state, whether the test is successful (causes segmentation fault) or not.

The LDAP server is apparently flooded with STARTTLS events until test end or successful fault caused.

flooded event:
ACCEPT from IP=xxx.xxx.xxx.xxx:yyyyyy (IP=0.0.0.0:389)
slapd[1251]: conn=15765834 op=0 STARTTLS
slapd[1251]: conn=15765834 op=0 RESULT oid= err=0 text=
ACCEPT from IP=xxx.xxx.xxx.xxx:zzzzz (IP=0.0.0.0:6%6)
slapd[1251]: conn=15765834 fd=35 closed (TLS negotiation failure)

result:
kernel: slapd[14239]: segfault at 10 ip 00007f5028f81c65 sp 00007f4ffdffa550 error 4 in libnss3.so[7f5028f3b000+11e000]
systemd: slapd.service: main process exited, code=killed, status=11/SEGV
systemd: Unit slapd.service entered failed state.
systemd: slapd.service failed.

duffy.lasker@sykes.com wrote:
> Full_Name: duffy lasker
> Version: slapd version 2.4.40
> OS: CentOS 7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (184.96.44.7)
>
>
> security scans for kernel segmentation testing causes the slapd service to enter
> failed state, whether the test is successful (causes segmentation fault) or
> not.
>
> the ldap server is apparently flooded with STARTTLS events until test end or
> successful fault caused.

Note that the RHEL/CentOS packages of OpenLDAP are heavily patched and linked against libnss. Hence it's probably better to report this to them.

Also, there were some fixes in their packages recently. Did you yum update to the latest package version?

You can also try to reproduce this failure with a recent OpenLDAP release built from source and linked to OpenSSL. That would be more important to the OpenLDAP community.

Ciao, Michael.

changed notes moved from Incoming to Software Bugs
moved from Software Bugs to Incoming
moznss issue
changed notes changed state Open to Closed