3. Fixes in 7.1 SP6

3. Fixes in 7.1 SP6

The security fixes included in Directory Server 7.1 SP6 are listed in Table 1, “Directory Server 7.1 SP6 Errata”. See the Directory Server Errata updates in Red Hat Network for complete descriptions for these security patches.

Errata Number Bug Number Description
RHSA-2008:0268 444712 Red Hat Directory Server 7.1 had a buffer overflow flaw in its regular expression handler.

Users, both authenticated and anonymous, can search the LDAP server; for example, to find everyone with a last name starting with Th, a user can search for the surname attribute, sn=Th*. Internally, the Directory Server translates the search into a regular expression.

The data for the regular expression could be written past the end of the buffer if the search string was very long or complex. This led to three problems:

  • The wrong entries were returned or no entries were returned in the search, even if there were matching entries in the directory.

  • Arbitrary code could be executed.

  • The slapd daemon could crash.

Because searches can be performed by any user, even anonymous users (if anonymous access is allowed), an attacker could construct an LDAP search that caused the server to crash or to run malicious code.

Table 1. Directory Server 7.1 SP6 Errata