SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Directory)  >   Red Hat Directory Server Vendors:   Red Hat
(Red Hat Issues Fix for adminutil) Red Hat Directory Server Administration Express and Directory Server Gateway Input Validation Hole Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1020775
SecurityTracker URL:  http://securitytracker.com/id/1020775
CVE Reference:   CVE-2008-2929   (Links to External Site)
Date:  Aug 27 2008
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.0
Description:   A vulnerability was reported in Red Hat Directory Server. A remote user can conduct cross-site scripting attacks.

The Directory Server Administration Express and Directory Server Gateway (DSGW) web interface does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Red Hat Directory Server software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Red Hat Directory Server software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   Red Hat has released a fix for Directory Server 8.0.

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2008-0601.html

Vendor URL:  rhn.redhat.com/errata/RHSA-2008-0601.html (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Red Hat Enterprise)

Message History:   This archive entry is a follow-up to the message listed below.
Aug 27 2008 Red Hat Directory Server Administration Express and Directory Server Gateway Input Validation Hole Permits Cross-Site Scripting Attacks



 Source Message Contents

Subject:  [RHSA-2008:0601-01] Moderate: adminutil security update


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: adminutil security update
Advisory ID:       RHSA-2008:0601-01
Product:           Red Hat Directory Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0601.html
Issue date:        2008-08-27
CVE Names:         CVE-2008-2929 
=====================================================================

1. Summary:

An updated adminutil package that fixes a security issue is now available
for Red Hat Directory Server 8.0.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Directory Server 8.0 (for AS v. 4) - i386, x86_64
Red Hat Directory Server 8.0 (for ES v. 4) - i386, x86_64
Red Hat Directory Server 8.0 (for RHEL 5 Server) - i386, x86_64

3. Description:

Red Hat Directory Server is an LDAPv3-compliant server. The adminutil
packages is collection of function libraries used to administer directory
servers, usually in conjunction with the Administration Server.

The Directory Server Administration Express web interface incorrectly
parsed %-escaped user provided values. A remote attacker could use this
flaw to conduct cross-site scripting attacks against directory server
administrators using the Administration Express web interface.
(CVE-2008-2929)

All users of Red Hat Directory Server should upgrade to this updated
adminutil packages, which resolve this issue.

4. Solution:

This update is available via Red Hat Network.

Users running Red Hat Directory Server 8 on Red Hat Enterprise Linux should
consult the following Knowledge Base article for instruction on how to
install updated RPM packages: http://kbase.redhat.com/faq/FAQ_58_10188

Users running Red Hat Directory Server 8 on Solaris can download updated
Solaris packages in the PKG format form the Red Hat Directory Server 8.0
Solaris channel on the Red Hat Network. Those packages need to be
installed/upgraded using Solaris native package management tools.

See also Red Hat Directory Server 8.0 Installation Guide for installation
instructions: http://www.redhat.com/docs/manuals/dir-server/install/8.0/

5. Bugs fixed (http://bugzilla.redhat.com/):

454621 - CVE-2008-2929 Directory Server: multiple XSS issues

6. Package List:

Red Hat Directory Server 8.0 (for AS v. 4):

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/adminutil-1.1.7-3.el4dsrv.src.rpm

i386:
adminutil-1.1.7-3.el4dsrv.i386.rpm
adminutil-debuginfo-1.1.7-3.el4dsrv.i386.rpm
adminutil-devel-1.1.7-3.el4dsrv.i386.rpm

x86_64:
adminutil-1.1.7-3.el4dsrv.x86_64.rpm
adminutil-debuginfo-1.1.7-3.el4dsrv.x86_64.rpm
adminutil-devel-1.1.7-3.el4dsrv.x86_64.rpm

Red Hat Directory Server 8.0 (for ES v. 4):

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/adminutil-1.1.7-3.el4dsrv.src.rpm

i386:
adminutil-1.1.7-3.el4dsrv.i386.rpm
adminutil-debuginfo-1.1.7-3.el4dsrv.i386.rpm
adminutil-devel-1.1.7-3.el4dsrv.i386.rpm

x86_64:
adminutil-1.1.7-3.el4dsrv.x86_64.rpm
adminutil-debuginfo-1.1.7-3.el4dsrv.x86_64.rpm
adminutil-devel-1.1.7-3.el4dsrv.x86_64.rpm

Red Hat Directory Server 8.0 (for RHEL 5 Server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/adminutil-1.1.7-3.el5dsrv.src.rpm

i386:
adminutil-1.1.7-3.el5dsrv.i386.rpm
adminutil-debuginfo-1.1.7-3.el5dsrv.i386.rpm
adminutil-devel-1.1.7-3.el5dsrv.i386.rpm

x86_64:
adminutil-1.1.7-3.el5dsrv.x86_64.rpm
adminutil-debuginfo-1.1.7-3.el5dsrv.x86_64.rpm
adminutil-devel-1.1.7-3.el5dsrv.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2929
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFItcN/XlSAg2UNWIIRAqAnAJ9zZV4GxYrKXlWKEcJi97T7RJPM3gCfaxHm
8s7su1bwgKBgpzTwAf7VIVk=
=5avo
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC