SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Directory)  >   Red Hat Directory Server Vendors:   Red Hat
Red Hat Directory Server Buffer Overflow in Regex Handler Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020001
SecurityTracker URL:  http://securitytracker.com/id/1020001
CVE Reference:   CVE-2008-1677   (Links to External Site)
Updated:  May 9 2008
Original Entry Date:  May 9 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.0
Description:   A vulnerability was reported in Red Hat Directory Server. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   Red Hat has issued a fix.

Red Hat Directory Server 8.0 (for AS v. 4):

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/redhat-ds-base-8.0.3-16.el4dsrv.src.rpm

i386:
redhat-ds-base-8.0.3-16.el4dsrv.i386.rpm
redhat-ds-base-debuginfo-8.0.3-16.el4dsrv.i386.rpm
redhat-ds-base-devel-8.0.3-16.el4dsrv.i386.rpm

x86_64:
redhat-ds-base-8.0.3-16.el4dsrv.x86_64.rpm
redhat-ds-base-debuginfo-8.0.3-16.el4dsrv.x86_64.rpm
redhat-ds-base-devel-8.0.3-16.el4dsrv.x86_64.rpm

Red Hat Directory Server 8.0 (for ES v. 4):

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/redhat-ds-base-8.0.3-16.el4dsrv.src.rpm

i386:
redhat-ds-base-8.0.3-16.el4dsrv.i386.rpm
redhat-ds-base-debuginfo-8.0.3-16.el4dsrv.i386.rpm
redhat-ds-base-devel-8.0.3-16.el4dsrv.i386.rpm

x86_64:
redhat-ds-base-8.0.3-16.el4dsrv.x86_64.rpm
redhat-ds-base-debuginfo-8.0.3-16.el4dsrv.x86_64.rpm
redhat-ds-base-devel-8.0.3-16.el4dsrv.x86_64.rpm

Red Hat Directory Server 8.0 (for RHEL 5 Server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/redhat-ds-base-8.0.3-16.el5dsrv.src.rpm

i386:
redhat-ds-base-8.0.3-16.el5dsrv.i386.rpm
redhat-ds-base-debuginfo-8.0.3-16.el5dsrv.i386.rpm
redhat-ds-base-devel-8.0.3-16.el5dsrv.i386.rpm

x86_64:
redhat-ds-base-8.0.3-16.el5dsrv.x86_64.rpm
redhat-ds-base-debuginfo-8.0.3-16.el5dsrv.x86_64.rpm
redhat-ds-base-devel-8.0.3-16.el5dsrv.x86_64.rpm

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2008-0269.html

Vendor URL:  rhn.redhat.com/errata/RHSA-2008-0269.html (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Red Hat Enterprise)

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 9 2008 (Red Hat Issues Fix for Red Hat DS 7.1 SP6) Red Hat Directory Server Buffer Overflow in Regex Handler Lets Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Directory Server 7.1 SP6.



 Source Message Contents

Date:  Fri, 9 May 2008 14:22:19 -0400
Subject:  [RHSA-2008:0269-01] Critical: redhat-ds-base security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: redhat-ds-base security update
Advisory ID:       RHSA-2008:0269-01
Product:           Red Hat Directory Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0269.html
Issue date:        2008-05-09
CVE Names:         CVE-2008-1677 
=====================================================================

1. Summary:

An updated redhat-ds-base package that fixes a security issue is now
available for Red Hat Directory Server 8.0.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Directory Server 8.0 (for AS v. 4) - i386, x86_64
Red Hat Directory Server 8.0 (for ES v. 4) - i386, x86_64
Red Hat Directory Server 8.0 (for RHEL 5 Server) - i386, x86_64

3. Description:

Red Hat Directory Server is an LDAPv3 compliant server. The redhat-ds-base
package includes the LDAP server and command line utilities for server
administration.

A buffer overflow flaw was found in the Red Hat Directory Server 8.0
regular expression handler. An unauthenticated attacker could construct a
malicious LDAP query that could cause the LDAP server to crash, or,
possibly, execute arbitrary code. (CVE-2008-1677)

All users of Red Hat Directory Server should upgrade to this updated
package, which resolves this issue.

4. Solution:

Users running Red Hat Directory Server on Red Hat Enterprise Linux:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Users running Red Hat Directory Server on Sun Solaris:

An updated Solaris packages in .pkg format are available in the Red Hat
Directory Server 8.0 Solaris channel on the Red Hat Network. This packages
should be installed/upgraded using Solaris native package management tools.

See also Red Hat Directory Server 8.0 Installation Guide for installation
instructions:
http://www.redhat.com/docs/manuals/dir-server/install/8.0/

5. Bugs fixed (http://bugzilla.redhat.com/):

444712 - CVE-2008-1677 Directory Server: insufficient buffer size for search patterns

6. Package List:

Red Hat Directory Server 8.0 (for AS v. 4):

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/redhat-ds-base-8.0.3-16.el4dsrv.src.rpm

i386:
redhat-ds-base-8.0.3-16.el4dsrv.i386.rpm
redhat-ds-base-debuginfo-8.0.3-16.el4dsrv.i386.rpm
redhat-ds-base-devel-8.0.3-16.el4dsrv.i386.rpm

x86_64:
redhat-ds-base-8.0.3-16.el4dsrv.x86_64.rpm
redhat-ds-base-debuginfo-8.0.3-16.el4dsrv.x86_64.rpm
redhat-ds-base-devel-8.0.3-16.el4dsrv.x86_64.rpm

Red Hat Directory Server 8.0 (for ES v. 4):

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/redhat-ds-base-8.0.3-16.el4dsrv.src.rpm

i386:
redhat-ds-base-8.0.3-16.el4dsrv.i386.rpm
redhat-ds-base-debuginfo-8.0.3-16.el4dsrv.i386.rpm
redhat-ds-base-devel-8.0.3-16.el4dsrv.i386.rpm

x86_64:
redhat-ds-base-8.0.3-16.el4dsrv.x86_64.rpm
redhat-ds-base-debuginfo-8.0.3-16.el4dsrv.x86_64.rpm
redhat-ds-base-devel-8.0.3-16.el4dsrv.x86_64.rpm

Red Hat Directory Server 8.0 (for RHEL 5 Server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/redhat-ds-base-8.0.3-16.el5dsrv.src.rpm

i386:
redhat-ds-base-8.0.3-16.el5dsrv.i386.rpm
redhat-ds-base-debuginfo-8.0.3-16.el5dsrv.i386.rpm
redhat-ds-base-devel-8.0.3-16.el5dsrv.i386.rpm

x86_64:
redhat-ds-base-8.0.3-16.el5dsrv.x86_64.rpm
redhat-ds-base-debuginfo-8.0.3-16.el5dsrv.x86_64.rpm
redhat-ds-base-devel-8.0.3-16.el5dsrv.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1677
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIJJYeXlSAg2UNWIIRAvD6AKCuVukA9Hhnc00sRCWwOT0PMZNSuACgplq4
7vb/aqv2X/2+w8tjmHALObg=
=ztks
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC