389 Directory Server Out-of-Bounds Read Vulnerability in LDIF Parser

A heap out-of-bounds read vulnerability has been identified in 389 Directory Server. This issue arises in the LDIF parser function 'str2entry_state_information_from_type()' when the parser processes attribute types with trailing semicolons during database import. The flaw allows the parser to read past the end of a heap buffer, creating an out-of-bounds read that can be detected with memory instrumentation. The vulnerability requires local administrator access to exploit, and while it has been confirmed on instrumented builds, it does not cause a crash in production binaries due to allocator padding.

Impact

Exploitation of this vulnerability leads to a heap out-of-bounds read, which can cause a segmentation fault or crash. This type of memory access could also be used to read sensitive information from memory, such as cryptographic keys or personal identifiable information, and potentially bypass memory protection mechanisms to facilitate the exploitation of other vulnerabilities.

Remediation

Validate LDIF files for malformed attribute types before importing. Reject any LDIF entry containing attribute types with trailing semicolons. This vulnerability is present in all versions of 389 Directory Server.