| Summary: | openldap: bad path for pid in slapd, and security issue in modrdn (CVE-2020-25692) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | eric gerbier <eric.gerbier> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, bgmilne, herman.viaene, luigiwalser, olav, ouaurelien, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | openldap-2.4.50-1.1.mga7.src.rpm | CVE: | CVE-2020-25692 |
| Status comment: | |||
|
Description
eric gerbier
2020-06-11 09:08:17 CEST
I fixed this in Cauldron with openldap-2.4.50-3.mga8. It needed changes in slapd.service and slapd.conf. Maintainer is buchan, probably should've left this bug. buchan: if you want to backport to Mageia 7, feel free. See http://svnweb.mageia.org/packages?view=revision&revision=1592442

CC: (none) => bgmilne, olav

Thanks Olav for your M8 fix. As this is a legitimate M7 bug, Buchan please do fix it for that. Assigning the bug to you.

Assignee: bugsquad => bgmilne

Thanks Olav! Fixed in Mageia 7 SVN in r1614197. Will be pushed with the next security update.

Summary: bad path for pid in slapd => openldap: bad path for pid in slapd

Debian has issued an advisory on October 30: https://www.debian.org/security/2020/dsa-4782

Patched package uploaded for Mageia 7.

Advisory:
========================

Updated openldap packages fix security vulnerability:

A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet (ITS#9370).

Also, the PID file path in the systemd service was fixed to use /run as the parent, rather than /var/run, eliminating warning messages in the logs.

References:
https://bugs.openldap.org/show_bug.cgi?id=9370
https://www.debian.org/security/2020/dsa-4782
========================

Updated packages in core/updates_testing:
========================
openldap-2.4.50-1.2.mga7
openldap-servers-2.4.50-1.2.mga7
openldap-servers-devel-2.4.50-1.2.mga7
openldap-clients-2.4.50-1.2.mga7
libldap2.4_2-2.4.50-1.2.mga7
libldap2.4_2-devel-2.4.50-1.2.mga7
libldap2.4_2-static-devel-2.4.50-1.2.mga7
openldap-back_sql-2.4.50-1.2.mga7
openldap-back_bdb-2.4.50-1.2.mga7
openldap-back_mdb-2.4.50-1.2.mga7
openldap-doc-2.4.50-1.2.mga7
openldap-tests-2.4.50-1.2.mga7
openldap-testprogs-2.4.50-1.2.mga7

from openldap-2.4.50-1.2.mga7.src.rpm

Assignee: bgmilne => qa-bugs

MGA7-64 MATE on Peaq C1011
No installation issues.
Ref to steps to reproduce above:

# systemctl start slapd
# systemctl -l status slapd
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-11-09 11:10:40 CET; 25s ago
  Process: 13371 ExecStartPre=/usr/share/openldap/scripts/ldap-config check (code=exited, status=0/SUCCESS)
  Process: 13408 ExecStart=/usr/sbin/slapd -u ${LDAP_USER} -g ${LDAP_GROUP} -h ${SLAPDURLLIST} -l ${SLAPDSYSLOGLOCALUSER} -s ${SLAPDSYSLOGLEVEL} (code=exited, s>
 Main PID: 13409 (slapd)
    Tasks: 3 (limit: 2288)
   Memory: 5.5M
   CGroup: /system.slice/slapd.service
           └─13409 /usr/sbin/slapd -u ldap -g ldap -h ldap:/// ldapi:/// -l local4 -s 0

Nov 09 11:10:39 mach6.hviaene.thuis systemd[1]: Starting OpenLDAP Server Daemon...
Nov 09 11:10:39 mach6.hviaene.thuis su[13379]: (to ldap) root on none
Nov 09 11:10:40 mach6.hviaene.thuis su[13379]: pam_unix(su:session): session opened for user ldap by (uid=0)
Nov 09 11:10:40 mach6.hviaene.thuis su[13379]: pam_unix(su:session): session closed for user ldap
Nov 09 11:10:40 mach6.hviaene.thuis ldap-config[13371]: Checking config file /etc/openldap/slapd.conf: [ OK ]
Nov 09 11:10:40 mach6.hviaene.thuis systemd[1]: Started OpenLDAP Server Daemon.

and

# journalctl -xe | grep slap
-- Subject: A start job for unit slapd.service has begun execution
-- A start job for unit slapd.service has begun execution.
Nov 09 11:10:40 mach6.hviaene.thuis ldap-config[13371]: Checking config file /etc/openldap/slapd.conf: [ OK ]
-- Subject: A start job for unit slapd.service has finished successfully
-- A start job for unit slapd.service has finished successfully.

So no more messages on /var/run
Seems OK

Whiteboard: (none) => MGA7-64-OK

Validating. Advisory in Comment 4.

Keywords: (none) => validated_update

Advisory pushed to SVN.

CC: (none) => ouaurelien

An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0407.html

Resolution: (none) => FIXED
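The PID-path part of the advisory (PIDFile moved from /var/run to /run) and the QA check above can be verified without a running slapd. The script below is an added example, not code from this bug report or from the openldap package: it audits a systemd unit file for a `PIDFile=` line under `/var/run`, rewrites it to the `/run` form, and exercises both functions on a constructed sample unit. The sample unit contents, the temporary file names and the PID file name `/run/openldap/slapd.pid` are assumptions made for the demonstration; the real Mageia slapd.service is not reproduced here.

```shell
#!/bin/sh
# Added example (not from the Mageia bug or the openldap package).
# Audits a systemd unit for the legacy /var/run PID file location that the
# advisory describes and shows the corrected /run form.

# Print one word describing the unit's PIDFile= lines:
#   legacy  - at least one PIDFile= points under /var/run
#   ok      - every PIDFile= points under /run
#   none    - the unit declares no PIDFile=
pidfile_status() {
    unit="$1"
    pids=$(sed -n 's/^[[:space:]]*PIDFile=//p' "$unit")
    if [ -z "$pids" ]; then
        echo none
        return 0
    fi
    for p in $pids; do
        case "$p" in
            /var/run/*) echo legacy; return 0 ;;
        esac
    done
    echo ok
    return 0
}

# Emit the unit with PIDFile= rewritten from /var/run/... to /run/...
# On systemd distributions /var/run is a symlink to /run, so only the
# prefix changes; the file name under it is kept.
fix_pidfile_path() {
    sed 's#^\([[:space:]]*PIDFile=\)/var/run/#\1/run/#' "$1"
}

# Build a constructed "before" unit and its corrected "after" copy in a
# temporary directory; prints the directory so callers can inspect both.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/slapd-legacy.service" <<'EOF'
[Unit]
Description=OpenLDAP Server Daemon (constructed sample)

[Service]
Type=forking
PIDFile=/var/run/openldap/slapd.pid
ExecStart=/usr/sbin/slapd -u ldap -g ldap -h "ldap:/// ldapi:///"
EOF
    fix_pidfile_path "$dir/slapd-legacy.service" > "$dir/slapd-fixed.service"
    echo "$dir"
}

# Stand-alone run: report both sample units.
if [ "${0##*/}" != "sh" ] && [ -z "$PIDFILE_AUDIT_NO_MAIN" ]; then
    samples=$(make_samples)
    for u in slapd-legacy.service slapd-fixed.service; do
        printf '%s: %s\n' "$u" "$(pidfile_status "$samples/$u")"
    done
fi
```

To audit the installed unit instead of the sample, call `pidfile_status /usr/lib/systemd/system/slapd.service` (or the path `systemctl cat slapd` reports); a `legacy` result means the package still carries the pre-update path.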
David Walser
2020-11-11 00:42:14 CET
Summary: openldap: bad path for pid in slapd, and security issue in modrdn => openldap: bad path for pid in slapd, and security issue in modrdn (CVE-2020-25692)