3 matches found
RHEL 5 : redhat-ds-base (RHSA-2008:0269)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2008:0269 advisory. Red Hat Directory Server is an LDAPv3 compliant server. The redhat-ds-base package includes the LDAP server and command line utilities for server...
Red Hat目录服务器LDAP查询缓冲区溢出漏洞
BUGTRAQ ID: 29126 CVECAN ID: CVE-2008-1677 Red Hat目录服务器是用于集中管理应用设置、组数据、策略等内容的基于LDAP的服务器。 Red Hat目录服务器使用固定大小的缓冲区储存LDAP搜索中所使用的正则表达式,在将用户提供的LDAP请求中的搜索模式翻译成正则表达式时可能会触发缓冲区溢出,导致slapd守护程序崩溃或执行任意代码。任何可以执行LDAP搜索的用户都可以触发这个溢出,如果ACL允许匿名访问(默认配置)的话也包括匿名用户。 RedHat Directory Server 8.0 RedHat Directory Server 7....
CVE-2008-1677
The CVE-2008-1677 issue affects Red Hat Directory Server 8.0 and 7.1 before Service Pack 6, where the regular expression handler can overflow a buffer during translation of a user-supplied LDAP search pattern. This denial-of-service vulnerability may allow an unauthenticated remote attacker to cr...