[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL Authentication Segfaults slapd: DoS

Hello everyone,
I don't know what I've done wrong. If I use ldapsearch to query my OpenLDAP
2.2.5 server and I don't force simple authentication instead of SASL (-x),
slapd crashes with a segmentation fault. I've obviously got security
concerns over this because any schmoe with a shell account can crash my
server just by using ldapsearch and omitting -x.

OpenLDAP 2.2.5 (bdb) was compiled against a binary distribution of
cyrus-sasl 2.1.15. Later on cyrus-sasl was upgraded (from source) to 2.1.18.
I'm not sure if this problem existed prior to the upgrade of 2.1.18, but I
wouldn't expect such a minor revision to cause slapd to die so violently as
a result. Maybe that's a false assumption?

bdb: ../dist/configure --with-pic --disable-shared --prefix=/usr/local/bdb
openldap: ./configure --with-slapd --with-slurpd --with-threads=posix
--with-tls --with-cyrus-sasl --with-kerberos=k5only \
		--enable-static --enable-dynamic --disable-shared
--enable-rlookups --enable-wrappers --enable-cleartext \
		--enable-crypt --enable-spasswd --enable-kpasswd
--enable-modules --enable-bdb --bindir=/usr/bin \
		--sbindir=/usr/sbin --libexecdir=/usr/sbin --sysconfdir=/etc
--datadir=/usr/share --localstatedir=/var/run \
		--libdir=/usr/lib --includedir=/usr/include
--mandir=/usr/share/man --infodir=/usr/share/info
cyrus-sasl: ./configure --with-sasl-authd=/var/run/saslauthd --with-ldap
--bindir=/usr/bin --sbindir=/usr/sbin \
		--libexecdir=/usr/sbin --datadir=/usr/share
--sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib \
		--includedir=/usr/include --infodir=/usr/share/info

slapd is invoked as: /usr/sbin/slapd -u ldap -h 'ldap://
ldaps://' -l daemon -4

If anybody has seen this or has any ideas please let me know. Thanks in