SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Directory)  >   Red Hat Directory Server Vendors:   Red Hat
(Red Hat Issues Fix for Red Hat DS 7.1 SP6) Red Hat Directory Server Buffer Overflow in Regex Handler Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020002
SecurityTracker URL:  http://securitytracker.com/id/1020002
CVE Reference:   CVE-2008-1677   (Links to External Site)
Date:  May 9 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.1 SP6
Description:   A vulnerability was reported in Red Hat Directory Server. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   Red Hat has released a fix for Red Hat Directory Server 7.1 SP6.

RHEL 3 Directory Server AS:

i386:
redhat-ds-7.1SP6-9.RHEL3.i386.rpm

RHEL 3 Directory Server ES:

i386:
redhat-ds-7.1SP6-9.RHEL3.i386.rpm

RHEL 4 Directory Server AS:

i386:
redhat-ds-7.1SP6-9.RHEL4.i386.rpm

RHEL 4 Directory Server ES:

i386:
redhat-ds-7.1SP6-9.RHEL4.i386.rpm

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2008-0268.html

Vendor URL:  rhn.redhat.com/errata/RHSA-2008-0269.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  3, 4

Message History:   This archive entry is a follow-up to the message listed below.
May 9 2008 Red Hat Directory Server Buffer Overflow in Regex Handler Lets Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [RHSA-2008:0268-01] Critical: Red Hat Directory Server 7.1 Service


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Directory Server 7.1 Service Pack 6 security update
Advisory ID:       RHSA-2008:0268-01
Product:           Red Hat Directory Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0268.html
Issue date:        2008-05-09
CVE Names:         CVE-2008-1677 
=====================================================================

1. Summary:

An updated redhat-ds package that addresses a security issue is now
available as Red Hat Directory Server 7.1, Service Pack 6.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL 3 Directory Server AS - i386
RHEL 3 Directory Server ES - i386
RHEL 4 Directory Server AS - i386
RHEL 4 Directory Server ES - i386

3. Description:

Red Hat Directory Server is an LDAPv3-compliant directory server.

A buffer overflow flaw was found in the Red Hat Directory Server 7.1
regular expression handler. An unauthenticated attacker could construct a
malicious LDAP query that could cause the LDAP server to crash or possibly
execute arbitrary code. (CVE-2008-1677)

For more information about Service Pack 6, including upgrade and
installation instructions for users running Red Hat Directory Server 7.1 on
Solaris, please refer to the Red Hat Directory Server 7.1 SP6 release
notes, available at:

http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP6/

All users of Red Hat Directory Server 7.1 should upgrade to Service Pack 6,
which resolves this issue.

4. Solution:

This update is available via Red Hat Network.

Users running Red Hat Directory Server 7.1 on Red Hat Enterprise Linux
should consult the following Knowledge Base article for instruction on how
to install updated RPM packages: http://kbase.redhat.com/faq/FAQ_58_10188

Users running Red Hat Directory Server 7.1 on Solaris should consult the
Service Pack 6 release notes (see above for URL) for installation and
upgrade instructions.

5. Bugs fixed (http://bugzilla.redhat.com/):

182621 - Allow larger regex buffer to enable long substring filters
444712 - CVE-2008-1677 Directory Server: insufficient buffer size for search patterns

6. Package List:

RHEL 3 Directory Server AS:

i386:
redhat-ds-7.1SP6-9.RHEL3.i386.rpm

RHEL 3 Directory Server ES:

i386:
redhat-ds-7.1SP6-9.RHEL3.i386.rpm

RHEL 4 Directory Server AS:

i386:
redhat-ds-7.1SP6-9.RHEL4.i386.rpm

RHEL 4 Directory Server ES:

i386:
redhat-ds-7.1SP6-9.RHEL4.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1677
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIJIuQXlSAg2UNWIIRAjOoAJ9wiAxKLKm8ZjAFGn2RDQ5g3nP42gCfRd0V
4l9At+t70KcCLgD7GvCE5cg=
=WTzF
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC