(RHSA-2008:0601) Moderate: adminutil security update

2008-08-2700:00:00

access.redhat.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.1%

JSON

Red Hat Directory Server is an LDAPv3-compliant server. The adminutil
packages is collection of function libraries used to administer directory
servers, usually in conjunction with the Administration Server.

The Directory Server Administration Express web interface incorrectly
parsed %-escaped user provided values. A remote attacker could use this
flaw to conduct cross-site scripting attacks against directory server
administrators using the Administration Express web interface.
(CVE-2008-2929)

All users of Red Hat Directory Server should upgrade to this updated
adminutil packages, which resolve this issue.

OSVersionArchitecturePackageVersionFilename
RedHat5x86_64adminutil-devel< 1.1.7-3.el5dsrvadminutil-devel-1.1.7-3.el5dsrv.x86_64.rpm
RedHat5i386adminutil< 1.1.7-3.el5dsrvadminutil-1.1.7-3.el5dsrv.i386.rpm
RedHat5i386adminutil-devel< 1.1.7-3.el5dsrvadminutil-devel-1.1.7-3.el5dsrv.i386.rpm
RedHat5srcadminutil< 1.1.7-3.el5dsrvadminutil-1.1.7-3.el5dsrv.src.rpm
RedHat5x86_64adminutil< 1.1.7-3.el5dsrvadminutil-1.1.7-3.el5dsrv.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	x86_64	adminutil-devel	< 1.1.7-3.el5dsrv	adminutil-devel-1.1.7-3.el5dsrv.x86_64.rpm
RedHat	5	i386	adminutil	< 1.1.7-3.el5dsrv	adminutil-1.1.7-3.el5dsrv.i386.rpm
RedHat	5	i386	adminutil-devel	< 1.1.7-3.el5dsrv	adminutil-devel-1.1.7-3.el5dsrv.i386.rpm
RedHat	5	src	adminutil	< 1.1.7-3.el5dsrv	adminutil-1.1.7-3.el5dsrv.src.rpm
RedHat	5	x86_64	adminutil	< 1.1.7-3.el5dsrv	adminutil-1.1.7-3.el5dsrv.x86_64.rpm