
(ITS#8459) security scans causing slapd failure



Full_Name: duffy lasker
Version: slapd version 2.4.40
OS: CentOS 7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (184.96.44.7)


Security scans for kernel segmentation testing cause the slapd service to enter
a failed state, whether the test is successful (causes a segmentation fault) or
not.

The LDAP server is apparently flooded with STARTTLS events until the test ends
or a fault is successfully caused.

flooded event:
ACCEPT from IP=xxx.xxx.xxx.xxx:yyyyyy (IP=0.0.0.0:389)
slapd[1251]: conn=15765834 op=0 STARTTLS
slapd[1251]: conn=15765834 op=0 RESULT oid= err=0 text=
ACCEPT from IP=xxx.xxx.xxx.xxx:zzzzz (IP=0.0.0.0:6%6)
slapd[1251]: conn=15765834 fd=35 closed (TLS negotiation failure)

result:
kernel: slapd[14239]: segfault at 10 ip 00007f5028f81c65 sp 00007f4ffdffa550 error 4 in libnss3.so[7f5028f3b000+11e000]
systemd: slapd.service: main process exited, code=killed, status=11/SEGV
systemd: Unit slapd.service entered failed state.
systemd: slapd.service failed.
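
A log-correlation check for the pattern in this report, as an added example that is not part of the original submission or of OpenLDAP: it counts STARTTLS connections closed with "TLS negotiation failure" and reports whether a slapd segfault follows such a burst. The function names, the flood_threshold value and the sample lines are assumptions constructed for illustration.

```python
import re

# Patterns mirror the line shapes quoted in the report.
STARTTLS = re.compile(r"slapd\[\d+\]: conn=(\d+) op=\d+ STARTTLS")
TLS_FAIL = re.compile(r"slapd\[\d+\]: conn=(\d+) fd=\d+ closed \(TLS negotiation failure\)")
SEGFAULT = re.compile(r"kernel: slapd\[(\d+)\]: segfault at \S+ .* in ([^\[\s]+)\[")
UNIT_FAILED = re.compile(r"systemd: Unit slapd\.service entered failed state")

def summarize(lines, flood_threshold=3):
    """Correlate failed STARTTLS handshakes with a later slapd crash.
    flood_threshold is an assumed tuning value, not taken from the report."""
    pending = set()  # connections that sent STARTTLS and have not closed yet
    out = {"failed_handshakes": 0, "flood": False, "segfault_module": None,
           "crash_after_flood": False, "unit_failed": False}
    for line in lines:
        if m := STARTTLS.search(line):
            pending.add(m.group(1))
        elif m := TLS_FAIL.search(line):
            # Count only closures of connections that actually began STARTTLS.
            if m.group(1) in pending:
                pending.discard(m.group(1))
                out["failed_handshakes"] += 1
                out["flood"] = out["failed_handshakes"] >= flood_threshold
        elif m := SEGFAULT.search(line):
            out["segfault_module"] = m.group(2)
            # The crash is tied to the flood only if the burst came first.
            out["crash_after_flood"] = out["flood"]
        elif UNIT_FAILED.search(line):
            out["unit_failed"] = True
    return out

def constructed_sample(n):
    """Constructed log: n failed STARTTLS handshakes, then a crash.
    Addresses use the 192.0.2.0/24 documentation range; values are made up."""
    lines = []
    for i in range(n):
        c = 1000 + i
        lines += [
            f"slapd[1251]: conn={c} fd=35 ACCEPT from IP=192.0.2.10:{40000 + i} (IP=0.0.0.0:389)",
            f"slapd[1251]: conn={c} op=0 STARTTLS",
            f"slapd[1251]: conn={c} op=0 RESULT oid= err=0 text=",
            f"slapd[1251]: conn={c} fd=35 closed (TLS negotiation failure)",
        ]
    lines += [
        "kernel: slapd[1251]: segfault at 10 ip 00007f0000081c65 sp 00007f00000a0550 "
        "error 4 in libnss3.so[7f0000000000+11e000]",
        "systemd: slapd.service: main process exited, code=killed, status=11/SEGV",
        "systemd: Unit slapd.service entered failed state.",
    ]
    return lines

if __name__ == "__main__":
    print(summarize(constructed_sample(4)))
```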