Red Hat Directory Server Regular Expression Handler Buffer Overflow - Security


Editor Login \| Register		Ekle

> World > Security

Red Hat Directory Server Regular Expression Handler Buffer Overflow - Security - World -

CWRedLight

(Date : 12.05.2008 22:06:15)

Red Hat Directory Server Regular Expression Handler Buffer Overflow

Secunia Advisory:	SA30181
Release Date:	2008-05-12

Critical:	Moderately critical
Impact:	DoS System access
Where:	From local network
Solution Status:	Vendor Patch

Software:	Red Hat Directory Server 7.x Red Hat Directory Server 8.x

CVE reference:	CVE-2008-1677 (Secunia mirror)

Description:
A vulnerability has been reported in Red Hat Directory Server, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the regular expression handler and can be exploited to cause a buffer overflow by supplying an overly long regular expression in an LDAP search.

Successful exploitation may allow execution of arbitrary code.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com/

Provided and/or discovered by:
Nathan Kinder

Changelog:
2008-05-12: Added link to RHSA-2008-0268.

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2008-0269.html
http://rhn.redhat.com/errata/RHSA-2008-0268.html

Derecelendir

Kaynak

http://secunia.com/advisories/30181/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS