389-ds-base.git
12 months ago CVE-2021-3652 - locked crypt accounts on import may allow all passwords (#4819) ...
Firstyear [Fri, 9 Jul 2021 01:53:35 +0000 (11:53 +1000)]
CVE-2021-3652 - locked crypt accounts on import may allow all passwords (#4819) - Issue 4817 - BUG

Bug Description: Due to mishandling of short dbpwd hashes, the
crypt_r algorithm was misused and was only comparing salts
in some cases, rather than checking the actual content
of the password.

Fix Description: Stricter checks on dbpwd lengths to ensure
that content passed to crypt_r has at least 2 salt bytes and
1 hash byte, as well as stricter checks on ct_memcmp to ensure
that compared values are the same length, rather than potentially
allowing overruns/short comparisons.

fixes: https://github.com/389ds/389-ds-base/issues/4817

Author: William Brown <william@blackhats.net.au>

Review by: @mreynolds389

Origin: backport, commit:aeb90eb0c41fc48541d983f323c627b2e6c328c7

Gbp-Pq: Name CVE-2021-3652-locked-crypt-accounts-may-allow-all-pwd.patch

12 months ago Security fix for CVE-2024-5953
Pierre Rogier [Fri, 14 Jun 2024 11:27:10 +0000 (13:27 +0200)]
Security fix for CVE-2024-5953

Description:
A denial of service vulnerability was found in the 389 Directory Server.
This issue may allow an authenticated user to cause a server denial
of service while attempting to log in with a user with a malformed hash
in their password.

Fix Description:
To prevent buffer overflow when a bind request is processed, the bind fails
if the hash size is not coherent without even attempting to process further
the hashed password.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-5953
- https://access.redhat.com/security/cve/CVE-2024-5953
- https://bugzilla.redhat.com/show_bug.cgi?id=2292104

Origin: upstream, commit:b7a266f7fd07661afb0c979e76ff8a3a8b9dd0ae

Gbp-Pq: Name CVE-2024-5953.patch

12 months ago Security fix for CVE-2024-3657
Pierre Rogier [Wed, 17 Apr 2024 16:18:04 +0000 (18:18 +0200)]
Security fix for CVE-2024-3657

Description:
A flaw was found in the 389 Directory Server. A specially-crafted LDAP query
can potentially cause a failure on the directory server, leading to a denial
of service.

Fix Description:
The code was modified to avoid a buffer overflow when logging some requests
in the audit log.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-3657
- https://access.redhat.com/security/cve/CVE-2024-3657
- https://bugzilla.redhat.com/show_bug.cgi?id=2274401

Origin: upstream, commit:1cbd6144eecdfaab0f7a84a92cc3de7ee413ac3f

Gbp-Pq: Name CVE-2024-3657.patch

12 months ago Security fix for CVE-2024-2199
James Chapman [Wed, 1 May 2024 14:01:33 +0000 (15:01 +0100)]
Security fix for CVE-2024-2199

Description:
A denial of service vulnerability was found in the 389 Directory Server.
This issue may allow an authenticated user to cause a server crash while
modifying userPassword using malformed input.

Fix Description:
When doing a mod on userPassword we reset the pblock modifier after we
set the modified timestamp, ensuring the pblock data stays valid.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-2199
- https://access.redhat.com/security/cve/CVE-2024-2199
- https://bugzilla.redhat.com/show_bug.cgi?id=2267976

Origin: upstream, commit:a9d87c9dbef85506eedc31d96da8a68766b4fc91

Gbp-Pq: Name CVE-2024-2199.patch

12 months ago [PATCH] Issue 4711 - SIGSEV with sync_repl (#4738)
tbordaz [Tue, 27 Apr 2021 07:29:32 +0000 (09:29 +0200)]
[PATCH] Issue 4711 - SIGSEV with sync_repl (#4738)

Bug description:
sync_repl sends back entries identified with a unique
identifier that is 'nsuniqueid'. If 'nsuniqueid' is
missing, then it may crash

Fix description:
Check a nsuniqueid is available else returns OP_ERR

relates: https://github.com/389ds/389-ds-base/issues/4711

Reviewed by: Pierre Rogier, James Chapman, William Brown (Thanks!)

Platforms tested:  F33

Gbp-Pq: Name 4711-SIGSEV-with-sync_repl-4738.patch

12 months ago fix-s390x-failure
Debian FreeIPA Team [Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)]
fix-s390x-failure

commit 900e6fdcf152dd696b5ae189cb1d7c67ab143bae
Author: tbordaz <tbordaz@redhat.com>
Date:   Thu Jan 28 10:39:31 2021 +0100

    Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)

    Bug description:
            SLAPI_OPERATION_TYPE is stored/read as an int (slapi_pblock_get/set).
            This although the storage field is an unsigned long.
            Calling slapi_pblock_get with a long (8 bytes) destination creates
            a problem on big-endian (s390x).

    Fix description:
            Define destination op_type as an int (4 bytes)

    relates: https://github.com/389ds/389-ds-base/issues/4563

    Reviewed by: Mark Reynolds, William Brown

    Platforms tested: F31 (little endian), Debian (big endian)

Gbp-Pq: Name fix-s390x-failure.diff

12 months ago [PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind

Bug Description:  Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.

Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.

This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.

Fix Description:  slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)

https://bugzilla.redhat.com/show_bug.cgi?id=1525628

Author: wibrown

Review by: ???

Gbp-Pq: Name CVE-2017-15135.patch
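
The comparison problem described in this commit message and in the CVE-2021-3652 entry above, shown as an added C example (not code from 389-ds-base or its patches). All function names are hypothetical, and the crypt output is a constructed string so the example runs without libcrypt.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for crypt output (2 salt + 11 hash chars), not a real hash. */
const char SAMPLE_COMPUTED[] = "XXabcdefghijk";

/* Hypothetical helper: compares only the first n bytes; returns 0 on match. */
static int ct_memcmp_prefix(const void *p1, const void *p2, size_t n)
{
    const unsigned char *a = p1, *b = p2;
    volatile unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff != 0;
}

/* Hypothetical length-aware variant: unequal lengths always fail, but the longer
 * buffer is still walked against byte 0 of the other. Empty input is a mismatch here. */
static int ct_memcmp_len(const void *p1, size_t n1, const void *p2, size_t n2)
{
    const unsigned char *a = p1, *b = p2;
    volatile unsigned char diff = 0;
    if (n1 == 0 || n2 == 0)
        return 1;
    const unsigned char *longer = n1 >= n2 ? a : b;
    const unsigned char *other = n1 >= n2 ? b : a;
    size_t n = n1 >= n2 ? n1 : n2;
    for (size_t i = 0; i < n; i++)
        diff |= longer[i] ^ (n1 == n2 ? other[i] : other[0]);
    return n1 != n2 || diff != 0;
}

/* dbpwd: stored value after {CRYPT}; computed: crypt output. 1 = bind accepted. */
int verify_prefix_only(const char *dbpwd, const char *computed)
{
    return ct_memcmp_prefix(dbpwd, computed, strlen(dbpwd)) == 0;
}

int verify_hardened(const char *dbpwd, const char *computed)
{
    if (strlen(dbpwd) < 3) /* need 2 salt bytes and at least 1 hash byte */
        return 0;
    return ct_memcmp_len(dbpwd, strlen(dbpwd), computed, strlen(computed)) == 0;
}

int main(void)
{   /* Exit 0 when salt-only "XX" passes the prefix compare but fails the hardened one. */
    return !(verify_prefix_only("XX", SAMPLE_COMPUTED) && !verify_hardened("XX", SAMPLE_COMPUTED));
}
```
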

12 months ago fix-saslpath
Debian FreeIPA Team [Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)]
fix-saslpath

Gbp-Pq: Name fix-saslpath.diff

12 months ago 389-ds-base (1.4.4.11-2+deb11u1) bullseye-security; urgency=medium
Andrej Shadura [Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)]
389-ds-base (1.4.4.11-2+deb11u1) bullseye-security; urgency=medium

  * Non-maintainer upload by the LTS team.
  * Backport security patches from the upstream.
    - CVE-2021-3652: Locked crypt accounts on import may allow any password.
    - CVE-2021-4091: Double-free of the virtual attribute context in
      persistent search, forcing the server to behave unexpectedly, and crash.
    - CVE-2022-0918: Denial of service triggered by specially crafted
      unauthenticated message crashing the server.
    - CVE-2022-0996: User with an expired password can still login with full
      privileges.
    - CVE-2022-2850: Crash while managing invalid cookie causing denial of
      service.
    - CVE-2024-2199 and CVE-2024-8445: Crash when modifying userPassword using
      malformed input.
    - CVE-2024-3657: Failure on the directory server with specially crafted
      LDAP query leading to denial of service.
    - CVE-2024-5953: Denial of service while attempting to log in with
      a user with a malformed hash in their password.

[dgit import unpatched 389-ds-base 1.4.4.11-2+deb11u1]

12 months ago Import 389-ds-base_1.4.4.11-2+deb11u1.debian.tar.xz
Andrej Shadura [Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)]
Import 389-ds-base_1.4.4.11-2+deb11u1.debian.tar.xz

[dgit import tarball 389-ds-base 1.4.4.11-2+deb11u1 389-ds-base_1.4.4.11-2+deb11u1.debian.tar.xz]

5 years ago Import 389-ds-base_1.4.4.11.orig.tar.bz2
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (13:03 +0200)]
Import 389-ds-base_1.4.4.11.orig.tar.bz2

[dgit import orig 389-ds-base_1.4.4.11.orig.tar.bz2]