RedHat 89 - Directory Server Crafted Search Pattern Denial of Service

2008-08-27T00:00:00
ID EXPLOITPACK:2EB5031085B37BCE759C961C50DCF02A
Type exploitpack
Reporter Ulf Weltman
Modified 2008-08-27T00:00:00

Description

RedHat 89 - Directory Server Crafted Search Pattern Denial of Service

                                        
                                            source: https://www.securityfocus.com/bid/30871/info

Red Hat Directory Server is prone to a denial-of-service vulnerability because the server fails to handle specially crafted search patterns.

An attacker can exploit this issue to consume CPU resources with one search request, effectively blocking additional search requests from executing. Legitimate users may be prevented from authenticating to network resources that use the affected server for authentication.

Red Hat Directory Server 7.1 and 8 are affected. 

The following example regular expressions are available:

2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P
4.0/AV:N/AC:L/Au:S/C:N/I:N/A:P