Red Hat Directory Server Accept Language HTTP Headers Buffer Overflow Vulnerability
BID:30869
Info
| Bugtraq ID: | 30869 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2008-2928 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 27 2008 12:00AM |
| Updated: | Apr 16 2015 05:50PM |
| Credit: | The vendor |
| Vulnerable: | RedHat Fedora Directory Server 7.1 SP6, RedHat Fedora Directory Server 7.1 SP5, RedHat Directory Server 7.1 SP4, RedHat Directory Server 7.1 SP3, RedHat Directory Server 7.1 SP2, RedHat Directory Server 7.1 SP1, RedHat Directory Server 7.1, HP HP-UX 11.23, HP HP-UX 11.11, HP HP-UX 11.31 |
| Not Vulnerable: | RedHat Fedora Directory Server 7.1 SP7 |
Discussion
Red Hat Directory Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
NOTE: The Administration Server of Directory Server usually runs with superuser privileges.
The following are affected:
- Red Hat Directory Server 7.1
- 'adminutil' versions prior to 1.1.7
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released an advisory and Service Pack 7. Please see the references for more information.
References
References:
- Bug 453916 - (CVE-2008-2928) CVE-2008-2928 Directory Server: CGI accept lang (Red Hat)
- Red Hat Directory Server Homepage (Red Hat)
- HPSBUX02354 SSRT080113 rev.1 - HP-UX Running Netscape / Red Hat Directory Server (HP)
- RHSA-2008:0596-18 Red Hat Directory Server 7.1 Service Pack 7 security update (Red Hat)