History: Sep 12, 2008 - 4:56 p.m.

CVE-2008-2932

2008-09-12 16:56:20
CWE-119
redhat
web.nvd.nist.gov
cve-2008-2932
red hat adminutil
buffer overflow
denial of service
arbitrary code
http input
fedora directory server
nvd

CVSS2: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 8.1
Confidence: Low

EPSS: 0.084
Percentile: 94.4%

Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via % (percent) encoded HTTP input to unspecified CGI scripts in Fedora Directory Server. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-2929.

Affected configurations

Nvd
Node: redhat adminutil, Match 1.1.6

Vendor | Product | Version | CPE
redhat | adminutil | 1.1.6 | cpe:2.3:a:redhat:adminutil:1.1.6:*:*:*:*:*:*:*
