Red Hat Fedora Directory Server HTTP Unescaping Functions Buffer Overflow Vulnerability

Bugtraq ID:	31106
Class:	Boundary Condition Error
CVE:	CVE-2008-2932
Remote:	Yes
Local:	No
Published:	Sep 10 2008 12:00AM
Updated:	Apr 13 2015 09:31PM
Credit:	The vendor
Vulnerable:
Not Vulnerable:

Red Hat Fedora Directory Server HTTP Unescaping Functions Buffer Overflow Vulnerability

Red Hat Directory Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects only Directory Server as shipped with Red Hat Fedora. The issue was introduced in adminutils 1.1.6.

Red Hat Fedora Directory Server HTTP Unescaping Functions Buffer Overflow Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Red Hat Fedora Directory Server HTTP Unescaping Functions Buffer Overflow Vulnerability

Solution:
The vendor has released an advisory and fixes. Please see the references for more information.

Red Hat Fedora Directory Server HTTP Unescaping Functions Buffer Overflow Vulnerability

References:

• Bug 454662 - (CVE-2008-2932) CVE-2008-2932 Directory Server: adminutil / CGI (Red Hat)
  
• Red Hat Directory Server Homepage (Red Hat)