Red Hat 8/9 - Directory Server Crafted Search Pattern Denial of Service Vulnerability

2008-08-27T00:00:00
ID EDB-ID:32304
Type exploitdb
Reporter Ulf Weltman
Modified 2008-08-27T00:00:00

Description

Red Hat 8/9 Directory Server Crafted Search Pattern Denial of Service Vulnerability. CVE-2008-2930. Dos exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/30871/info

Red Hat Directory Server is prone to a denial-of-service vulnerability because the server fails to handle specially crafted search patterns.

An attacker can exploit this issue to consume CPU resources with one search request, effectively blocking additional search requests from executing. Legitimate users may be prevented from authenticating to network resources that use the affected server for authentication.

Red Hat Directory Server 7.1 and 8 are affected. 

The following example regular expressions are available:

2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P
4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P