| Summary: | 389-ds-base new security issue CVE-2017-2668 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, mageia, marja11, nicolas.salguero, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | advisory MGA5-32-OK MGA5-64-OK | ||
| Source RPM: | 389-ds-base-1.3.5.15-5.mga6.src.rpm | CVE: | CVE-2017-2668 |
| Status comment: | |||
|
Description
David Walser
2017-04-14 21:43:50 CEST
David Walser
2017-04-14 21:43:57 CEST
Whiteboard:
(none) =>
MGA5TOO

Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC:
(none) =>
marja11
Nicolas Lécureuil
2017-04-22 22:24:21 CEST
CVE:
(none) =>
CVE-2017-2668
Nicolas Lécureuil
2017-04-24 15:37:34 CEST
Version:
Cauldron =>
5

Suggested advisory:
========================

The updated packages fix a security vulnerability:

An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. (CVE-2017-2668)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2668
https://rhn.redhat.com/errata/RHSA-2017-0893.html
https://rhn.redhat.com/errata/RHSA-2017-0920.html
========================

Updated packages in core/updates_testing:
========================
389-ds-base-1.3.4.14-1.2.mga5
lib(64)389-ds-base0-1.3.4.14-1.2.mga5
lib(64)389-ds-base-devel-1.3.4.14-1.2.mga5

from SRPMS:
389-ds-base-1.3.4.14-1.2.mga5.src.rpm

Assignee:
pkg-bugs =>
qa-bugs
Dave Hodgins
2017-04-27 20:41:14 CEST
Whiteboard:
(none) =>
advisory

MGA5-32 on AsusA6000VM Xfce
No installation issues.
Completed test as per bug 11720 Comment 7 (tx Claire), all OK.

```
# systemctl start dirsrv@mach6.service
# systemctl -l status dirsrv@mach6.service
● dirsrv@mach6.service - 389 Directory Server mach6.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; static)
   Active: active (running) since vr 2017-04-28 10:08:35 CEST; 18s ago
  Process: 12182 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid (code=exited, status=0/SUCCESS)
 Main PID: 12185 (ns-slapd)
   CGroup: /system.slice/system-dirsrv.slice/dirsrv@mach6.service
           └─12185 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-mach6 -i /var/run/dirsrv/slapd-mach6.pid -w /var/run/dirsrv/slapd-mach6.startpid

# netstat -pant | grep 389
tcp6 0 0 :::389 :::* LISTEN 12185/ns-slapd

# ldapsearch -x -h localhost -s base -b "" "objectclass=*"
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: objectclass=*
# requesting: ALL
#

#
dn:
objectClass: top
defaultnamingcontext: dc=hviaene,dc=thuis
dataversion: 020170428080836
netscapemdsuffix: cn=ldap://dc=mach6,dc=hviaene,dc=thuis:389

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```

Whiteboard:
advisory =>
advisory MGA5-32-OK

Mageia 5 x86_64. After running setup-ds.pl ...

```
[root@x5v ~]# systemctl status dirsrv@x5v.service
● dirsrv@x5v.service - 389 Directory Server x5v.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled)
   Active: active (running) since Mon 2017-05-01 21:36:27 EDT; 2min 5s ago
  Process: 3218 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid (code=exited, status=0/SUCCESS)
 Main PID: 3234 (ns-slapd)
   CGroup: /system.slice/system-dirsrv.slice/dirsrv@x5v.service
           └─3234 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-x5v -i /var/run/dirsrv/slapd-x5v.pid -w /var/run/dirsrv/slapd-x5v.startpid

May 01 21:36:27 x5v.hodgins.homeip.net systemd[1]: Starting 389 Directory Server x5v....
May 01 21:36:27 x5v.hodgins.homeip.net systemd[1]: Started 389 Directory Server x5v..

[root@x5v ~]# netstat -pant | grep 389
tcp6 0 0 :::389 :::* LISTEN 3234/ns-slapd

[root@x5v ~]# ldapsearch -x -h localhost -s base -b "" "objectclass=*"
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: objectclass=*
# requesting: ALL
#

#
dn:
objectClass: top
defaultnamingcontext: dc=hodgins,dc=homeip,dc=net
dataversion: 020170502013627
netscapemdsuffix: cn=ldap://dc=x5v,dc=hodgins,dc=homeip,dc=net:389

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```

Validating the update.

Whiteboard:
advisory MGA5-32-OK =>
advisory MGA5-32-OK MGA5-64-OK

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0123.html

Status:
ASSIGNED =>
RESOLVED |