CVE-2008-2928

Published: Aug 29, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.

Affected (6)

Products: Redhat: Directory Server

1 product

Directory Server

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Directory Server	Version 7.1 sp1
Redhat Directory Server	Version 7.1 sp2
Redhat Directory Server	Version 7.1 sp3
Redhat Directory Server	Version 7.1 sp4
Redhat Directory Server	Version 7.1 sp5
Redhat Directory Server	Version 7.1 sp6

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (28)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861

Source: secalert@redhat.com

http://secunia.com/advisories/31565

Source: secalert@redhat.com

http://secunia.com/advisories/31702

Source: secalert@redhat.com

http://secunia.com/advisories/31777

Source: secalert@redhat.com

http://securitytracker.com/id?1020771

Source: secalert@redhat.com

http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/30869

Source: secalert@redhat.com

Patch

http://www.vupen.com/english/advisories/2008/2480

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=453916

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/44738

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5865

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2008-0596.html

Source: secalert@redhat.com

Patch

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00218.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00449.html

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31565

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31702

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31777

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1020771

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30869

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.vupen.com/english/advisories/2008/2480

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=453916

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44738

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5865

Source: af854a3a-2127-422b-91ae-364da2661108

https://rhn.redhat.com/errata/RHSA-2008-0596.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00218.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00449.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.