A flaw was found in how 389-ds-base and Red Hat Directory Server handled the
checking of access rights on entries using GER (Get Effective Rights), a
way to extend directory searches to also display what access rights a
user has to a specified entry. When an attribute list is given in the
search request, and if there are several attributes whose names contain
the '@' character, 389-ds-base and Red Hat Directory Server would crash.
An attacker able to contact the server would be able to submit this type
of search request with no authentication required.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4485
(Obviously no CVE is required, posting here as this was previously sent
to the distros@ mailing list)
--
Vincent Danen / Red Hat Security Response Team
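
Added example, not part of the original message and not Red Hat's code: a log check for the request shape described above, namely search requests whose attribute list holds several names containing '@', with a note of whether the connection had bound as a user. It assumes the 389-ds access-log layout (conn=, op=, BIND dn="...", SRCH attrs="...") and that the request reaches the access log; the sample lines and the function name are constructed for illustration.

```python
import re

# Constructed sample lines in the assumed 389-ds access-log layout.
SAMPLE_LOG = """\
[01/Nov/2013:10:00:01 +0000] conn=7 op=0 BIND dn="uid=admin,dc=example,dc=com" method=128 version=3
[01/Nov/2013:10:00:02 +0000] conn=7 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=a)" attrs="cn@person"
[01/Nov/2013:10:00:05 +0000] conn=9 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(uid=a)" attrs="cn@person sn@person"
[01/Nov/2013:10:00:09 +0000] conn=7 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=b)" attrs="cn@person uid@inetOrgPerson mail"
[01/Nov/2013:10:00:11 +0000] conn=9 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=c)" attrs="cn sn"
"""

LINE = re.compile(r'conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<verb>BIND|SRCH) (?P<rest>.*)')
BIND_DN = re.compile(r'dn="(?P<dn>[^"]*)"')
ATTRS = re.compile(r'attrs="(?P<attrs>[^"]*)"')


def find_multi_at_searches(log_text, threshold=2):
    """Return SRCH operations requesting >= threshold attributes containing '@'.

    Hypothetical helper: tracks the last BIND dn per connection so each hit
    records whether the search came from an authenticated connection.
    """
    bound = {}  # conn id -> bind DN ("" means anonymous bind)
    hits = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn = int(m["conn"])
        if m["verb"] == "BIND":
            dn = BIND_DN.search(m["rest"])
            bound[conn] = dn["dn"] if dn else ""
            continue
        attrs = ATTRS.search(m["rest"])
        if not attrs:
            continue
        at_attrs = [a for a in attrs["attrs"].split() if "@" in a]
        if len(at_attrs) >= threshold:
            hits.append({
                "conn": conn,
                "op": int(m["op"]),
                "at_attrs": at_attrs,
                # A connection that never bound, or bound with an empty DN, is anonymous.
                "authenticated": bool(bound.get(conn, "")),
            })
    return hits


if __name__ == "__main__":
    for hit in find_multi_at_searches(SAMPLE_LOG):
        print(hit)
```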