
enterprise-support team mailing list archive

[Bug 1838370] [NEW] slapd segfault on filter parse error

 

Public bug reported:

Hello!
We have faced a slapd crash; it seems an attacker was trying to brute-force one
of our services, and uid parsing failures caused slapd to crash:

Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH base="ou=test,dc=test,dc=com" scope=2 deref=0 filter="(&(uid=aistar123<>!n)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap sshPublicKey
Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text=massaged filter parse error
Jul 26 18:59:47 kernel: [ 9441.554161] slapd[2367]: segfault at 18 ip 00007fc8d18ec512 sp 00007fc8889e2810 error 4 in libc-2.23.so[7fc8d1868000+1c0000]

Other faulty filter examples:
filter="(&(uid=sql<>?)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
filter="(&(uid=fugeone<>?123)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"

$ lsb_release -rd
Description: Ubuntu 16.04.5 LTS
Release: 16.04

$ slapd -VVV
@(#) $OpenLDAP: slapd  (Ubuntu) (May 22 2018 13:54:12) $
buildd@lcy01-amd64-019:/build/openldap-t_Ta0O/openldap-2.4.42+dfsg/debian/build/servers/slapd

Included static backends:
    config
    ldif

$ apt-cache policy slapd
slapd:
  Installed: 2.4.42+dfsg-2ubuntu3.3
  Candidate: 2.4.42+dfsg-2ubuntu3.5
  Version table:
     2.4.42+dfsg-2ubuntu3.5 500
        500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
 *** 2.4.42+dfsg-2ubuntu3.3 100
        100 /var/lib/dpkg/status
     2.4.42+dfsg-2ubuntu3.2 500
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
     2.4.42+dfsg-2ubuntu3 500
        500 http://nl.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

 affects ubuntu/openldap

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1838370
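
A log-correlation check for the pattern in this report: a search that ends in "filter parse error" followed shortly by a kernel segfault line for slapd. This is an added example, not part of the original bug report; the function name `correlate`, the 5-second window and the sample lines (shortened from the report's format) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the same syslog layout as the report (no hostname field).
SAMPLE = """\
Jul 26 18:59:40 slapd[1252]: conn=1465 op=2 SRCH base="ou=test,dc=test,dc=com" scope=2 deref=0 filter="(uid=alice)"
Jul 26 18:59:40 slapd[1252]: conn=1465 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH base="ou=test,dc=test,dc=com" scope=2 deref=0 filter="(&(uid=aistar123<>!n)(objectClass=posixAccount))"
Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text=massaged filter parse error
Jul 26 18:59:47 kernel: [ 9441.554161] slapd[2367]: segfault at 18 ip 00007fc8d18ec512 sp 00007fc8889e2810 error 4 in libc-2.23.so[7fc8d1868000+1c0000]
"""

TS = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (.*)$")
SRCH = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) SRCH .*filter="(.*)"$')
RESULT = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) SEARCH RESULT .*text=(.*)$")
CRASH = re.compile(r"kernel: .*slapd\[\d+\]: segfault")


def correlate(log_text, window=timedelta(seconds=5)):
    """Return the parse-error searches that precede a slapd segfault within `window`."""
    filters = {}       # (conn, op) -> filter string taken from the SRCH line
    parse_errors = []  # (time, conn, op, filter) for every "filter parse error" result
    findings = []
    for line in log_text.splitlines():
        m = TS.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed leap year keeps Feb 29 parseable.
        when = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        rest = m.group(2)
        if (s := SRCH.search(rest)):
            filters[(s.group(1), s.group(2))] = s.group(3)
        elif (r := RESULT.search(rest)) and "filter parse error" in r.group(3):
            key = (r.group(1), r.group(2))
            parse_errors.append((when, *key, filters.get(key, "<filter not logged>")))
        elif CRASH.search(rest):
            findings += [
                {"conn": c, "op": o, "filter": f, "delay_s": (when - t).total_seconds()}
                for t, c, o, f in parse_errors
                if timedelta(0) <= when - t <= window
            ]
    return findings


if __name__ == "__main__":
    for hit in correlate(SAMPLE):
        print(hit)
```

Filters are only present when slapd logs at a level that includes search operations, as in the report; without them the finding still lists the connection and operation numbers.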
