Vigil@nce - OpenLDAP: NULL pointer dereference via deref
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a NULL pointer to be dereferenced in the
deref overlay of OpenLDAP, in order to trigger a denial of service.
Impacted products: OpenLDAP
Severity: 2/4
Creation date: 06/02/2015
DESCRIPTION OF THE VULNERABILITY
The OpenLDAP directory server supports the "deref" overlay (an
additional feature, available if compiled with --enable-deref),
which returns information from an entry referenced by a search
result. For example:
ldapsearch -E 'deref=member:entryUUID'
However, if the requested attribute is empty, the
deref_parseCtrl() function of the servers/slapd/overlays/deref.c
file does not check whether a pointer is NULL before using it.
An attacker can therefore force a NULL pointer to be dereferenced
in the deref overlay of OpenLDAP, in order to trigger a denial of
service.
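To tell which slapd instances this bulletin concerns, the following added example (not part of the Vigil@nce bulletin and not OpenLDAP code) scans configuration text for the deref overlay. It assumes the standard overlay/moduleload directives of slapd.conf and the olcOverlay/olcModuleLoad attributes of cn=config; the function names and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from a real server).
SLAPD_CONF = """\
moduleload /usr/lib/ldap/deref.la
database mdb
suffix "dc=example,dc=org"
overlay deref
"""
CN_CONFIG = """\
dn: cn=module{0},cn=config
olcModuleLoad: {0}back_mdb.la
olcModuleLoad: {1}memberof.la

dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
olcOverlay: {0}member
 of
"""

ORDER = r"(?:\{-?\d+\})?"  # cn=config ordering prefix such as {0}
OVERLAY = re.compile(rf"^(?:olcOverlay:\s*{ORDER}|overlay\s+)deref\s*$", re.I)
MODULE = re.compile(
    rf"^(?:olcModuleLoad:\s*{ORDER}|moduleload\s+)(?:\S*/)?deref(?:[.-]\S*)?\s*$", re.I)

def logical_lines(text):
    """Return (line_number, text) pairs with folded lines joined, comments dropped."""
    ldif = re.search(r"^dn:", text, re.M) is not None
    joined = []
    for number, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and joined:
            # LDIF folding drops the single leading space; slapd.conf keeps it.
            joined[-1][1] += raw[1:] if ldif else raw
        else:
            joined.append([number, raw])
    return [(n, l) for n, l in joined if l.strip() and not l.startswith("#")]

def find_deref(text):
    """Return (line_number, kind, directive) for each reference to the deref overlay."""
    findings = []
    for number, line in logical_lines(text):
        for kind, pattern in (("overlay", OVERLAY), ("module", MODULE)):
            if pattern.match(line):
                findings.append((number, kind, line.strip()))
    return findings

if __name__ == "__main__":
    for name, text in (("slapd.conf", SLAPD_CONF), ("cn=config", CN_CONFIG)):
        print(name, find_deref(text) or "deref overlay not referenced")
```

An empty result only means the scanned text does not reference the overlay; included files and other configuration directories have to be scanned as well.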
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenLDAP-NULL-pointer-dereference-via-deref-16124