(Red Hat Issues Fix for Red Hat DS 7.1 SP6) Red Hat Directory Server Buffer Overflow in Regex Handler Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1020002
|
|
SecurityTracker URL: http://securitytracker.com/id?1020002
|
|
CVE Reference: CVE-2008-1677
(Links to External Site)
|
Date: May 9 2008
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Red Hat Advisory
|
Version(s): 7.1 SP6
|
Description: A vulnerability was reported in Red Hat Directory Server. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.
|
Impact: A remote user can execute arbitrary code on the target system.
|
Solution: Red Hat has released a fix for Red Hat Directory Server 7.1 SP6.
RHEL 3 Directory Server AS:
i386:
redhat-ds-7.1SP6-9.RHEL3.i386.rpm
RHEL
3 Directory Server ES:
i386:
redhat-ds-7.1SP6-9.RHEL3.i386.rpm
RHEL 4 Directory Server AS:
i386:
redhat-ds-7.1SP6-9.RHEL4.i386.rpm
RHEL
4 Directory Server ES:
i386:
redhat-ds-7.1SP6-9.RHEL4.i386.rpm
The Red Hat advisory is available at:
https://rhn.redhat.com/errata/RHSA-2008-0268.html
|
Vendor URL: rhn.redhat.com/errata/RHSA-2008-0269.html (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Red Hat Enterprise)
|
Underlying OS Comments: 3, 4
|
Reported By: bugzilla@redhat.com
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 9 May 2008 13:37:02 -0400
From: bugzilla@redhat.com
Subject: [RHSA-2008:0268-01] Critical: Red Hat Directory Server 7.1 Service
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: Red Hat Directory Server 7.1 Service Pack 6 security update
Advisory ID: RHSA-2008:0268-01
Product: Red Hat Directory Server
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0268.html
Issue date: 2008-05-09
CVE Names: CVE-2008-1677
=====================================================================
1. Summary:
An updated redhat-ds package that addresses a security issue is now
available as Red Hat Directory Server 7.1, Service Pack 6.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
RHEL 3 Directory Server AS - i386
RHEL 3 Directory Server ES - i386
RHEL 4 Directory Server AS - i386
RHEL 4 Directory Server ES - i386
3. Description:
Red Hat Directory Server is an LDAPv3-compliant directory server.
A buffer overflow flaw was found in the Red Hat Directory Server 7.1
regular expression handler. An unauthenticated attacker could construct a
malicious LDAP query that could cause the LDAP server to crash or possibly
execute arbitrary code. (CVE-2008-1677)
For more information about Service Pack 6, including upgrade and
installation instructions for users running Red Hat Directory Server 7.1 on
Solaris, please refer to the Red Hat Directory Server 7.1 SP6 release
notes, available at:
http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP6/
All users of Red Hat Directory Server 7.1 should upgrade to Service Pack 6,
which resolves this issue.
4. Solution:
This update is available via Red Hat Network.
Users running Red Hat Directory Server 7.1 on Red Hat Enterprise Linux
should consult the following Knowledge Base article for instruction on how
to install updated RPM packages: http://kbase.redhat.com/faq/FAQ_58_10188
Users running Red Hat Directory Server 7.1 on Solaris should consult the
Service Pack 6 release notes (see above for URL) for installation and
upgrade instructions.
5. Bugs fixed (http://bugzilla.redhat.com/):
182621 - Allow larger regex buffer to enable long substring filters
444712 - CVE-2008-1677 Directory Server: insufficient buffer size for search patterns
6. Package List:
RHEL 3 Directory Server AS:
i386:
redhat-ds-7.1SP6-9.RHEL3.i386.rpm
RHEL 3 Directory Server ES:
i386:
redhat-ds-7.1SP6-9.RHEL3.i386.rpm
RHEL 4 Directory Server AS:
i386:
redhat-ds-7.1SP6-9.RHEL4.i386.rpm
RHEL 4 Directory Server ES:
i386:
redhat-ds-7.1SP6-9.RHEL4.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1677
http://www.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFIJIuQXlSAg2UNWIIRAjOoAJ9wiAxKLKm8ZjAFGn2RDQ5g3nP42gCfRd0V
4l9At+t70KcCLgD7GvCE5cg=
=WTzF
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
