389 Directory Server NULL Pointer Dereference Vulnerability Leading to Denial-of-Service

A null pointer dereference vulnerability has been identified in the 389 Directory Server (LDAP server) version 3 (LDAPv3) compliant. This issue arises during a Modify DN (MODDN) operation when the return value of a function is not properly checked, allowing a NULL pointer to be dereferenced. If a privileged user executes a MODDN operation after a previous one has failed, it can result in a denial-of-service condition or cause the system to crash.

Impact

Exploitation of this vulnerability causes the LDAP server process to crash, exit, or restart, disrupting service availability. In some cases, such null pointer dereferences can be exploited to read or modify memory, potentially leading to unauthorized code execution.

Reproduction

The vulnerability can be reproduced by performing a Modify DN operation through the LDAP protocol. After a failed operation, a privileged user can issue another MODDN operation, which will trigger the null pointer dereference and cause a denial-of-service condition.

Remediation

Users can apply the available update for 389-ds-base, which is included in the Red Hat Enterprise Linux 9.4 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Directory Server 12.4 EUS for RHEL 9. Instructions for applying this update are available on the Red Hat Customer Portal.