Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities

Bugtraq ID:	30872
Class:	Design Error
CVE:	CVE-2008-3283
Remote:	Yes
Local:	No
Published:	Aug 27 2008 12:00AM
Updated:	Apr 13 2015 09:59PM
Credit:	Richard Megginson
Vulnerable:	RedHat Fedora Directory Server 7.1 SP6 RedHat Fedora Directory Server 7.1 SP5 RedHat Enterprise IPA 1 for RHEL 5 Server 0 RedHat Directory Server 8 EL 5 RedHat Directory Server 8 EL 4 RedHat Directory Server 7.1 SP4 RedHat Directory Server 7.1 SP3 RedHat Directory Server 7.1 SP2 RedHat Directory Server 7.1 SP1 RedHat Directory Server 7.1 HP HP-UX 11.23 HP HP-UX 11.11 HP HP-UX 11.31
Not Vulnerable:	RedHat Fedora Directory Server 7.1 SP7

Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities

Red Hat Directory Server is prone to multiple remote denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the server, denying access to legitimate users.

Directory Server 7.1, 8 EL4, and 8 EL5 are vulnerable.

Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities

Solution:
The vendor has released a fix to address these issues. Please see the references for more information.

Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities

References:

• Red Hat Directory Server Homepage (Red Hat)
  
• HPSBUX02354 SSRT080113 rev.1 - HP-UX Running Netscape / Red Hat Directory Server (HP)
  
• RHSA-2008:0596-18 Red Hat Directory Server 7.1 Service Pack 7 security update (Red Hat)
  
• RHSA-2008:0602-13 Moderate: redhat-ds-base and redhat-ds-admin security and bug (Red Hat)