Vigil@nce: Red Hat Directory Server, multiples vulnerabilities
August 2008 by Vigil@nce
Several vulnerabilities were announced in Red Hat Directory
Server, the worst one can lead to code execution.
– Gravity: 3/4
– Consequences: privileged access/rights
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 28/08/2008
– Identifier: VIGILANCE-VUL-8070
IMPACTED PRODUCTS
– Red Hat Enterprise Linux [confidential versions]
DESCRIPTION
Several vulnerabilities were announced in Red Hat Directory Server.
An attacker, who can access to the web administrative interface,
can use a long Accept-Language header in order to create a buffer
overflow in several CGI scripts, and thus execute code. [grav:3/4;
453916, BID-30869, CVE-2008-2928]
An attacker can use several Cross Site Scripting in Directory
Server Administration Express and Directory Server Gateway (DSGW).
[grav:2/4; 454621, BID-30870, CVE-2008-2929]
An attacker can use a special LDAP query in order to consume a
large amount of CPU time and thus create a denial of service.
[grav:2/4; 454065, BID-30871, CVE-2008-2930]
An attacker can use several memory leaks in order to progressively
create a denial of service. [grav:2/4; 458977, BID-30872,
CVE-2008-3283]
CHARACTERISTICS
– Identifiers: 453916, 454065, 454621, 458977, BID-30869, BID-30870,
BID-30871, BID-30872, CVE-2008-2928, CVE-2008-2929, CVE-2008-2930,
CVE-2008-3283, RHSA-2008:0596-01, RHSA-2008:0601-01,
RHSA-2008:0602-01, VIGILANCE-VUL-8070
– Url: https://vigilance.aql.fr/tree/1/8070