ID CVE-2008-3283
Summary Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.
References
Vulnerable Configurations
  • cpe:2.3:a:fedora:directory_server:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:directory_server:7.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:directory_server:7.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:redhat:directory_server:7.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:redhat:directory_server:7.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:redhat:directory_server:7.1:sp5:*:*:*:*:*:*
  • cpe:2.3:a:redhat:directory_server:7.1:sp6:*:*:*:*:*:*
  • cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 29-09-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2015-04-20T04:02:30.681-04:00
class vulnerability
contributors
  • name Michael Wood
    organization Hewlett-Packard
  • name Sushant Kumar Singh
    organization Hewlett-Packard
  • name Prashant Kumar
    organization Hewlett-Packard
  • name Mike Cokus
    organization The MITRE Corporation
description Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.
family unix
id oval:org.mitre.oval:def:6118
status accepted
submitted 2008-09-02T12:41:14.000-04:00
title HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)
version 45
redhat via4
advisories
  • rhsa
    id RHSA-2008:0596
  • rhsa
    id RHSA-2008:0602
  • rhsa
    id RHSA-2008:0858
rpms
  • redhat-ds-0:7.1SP7-14.RHEL3
  • redhat-ds-0:7.1SP7-14.RHEL4
  • redhat-ds-admin-0:8.0.4-3.el4dsrv
  • redhat-ds-admin-0:8.0.4-3.el5dsrv
  • redhat-ds-admin-debuginfo-0:8.0.4-3.el4dsrv
  • redhat-ds-admin-debuginfo-0:8.0.4-3.el5dsrv
  • redhat-ds-base-0:8.0.4-7.el4dsrv
  • redhat-ds-base-0:8.0.4-7.el5dsrv
  • redhat-ds-base-debuginfo-0:8.0.4-7.el4dsrv
  • redhat-ds-base-debuginfo-0:8.0.4-7.el5dsrv
  • redhat-ds-base-devel-0:8.0.4-7.el4dsrv
  • redhat-ds-base-devel-0:8.0.4-7.el5dsrv
refmap via4
bid 30872
confirm
fedora
  • FEDORA-2008-7813
  • FEDORA-2008-7891
hp
  • HPSBUX02354
  • SSRT080113
sectrack 1020774
secunia
  • 31565
  • 31627
  • 31702
  • 31867
  • 31913
vupen ADV-2008-2480
xf rhds-leaks-dos(44731)
Last major update 29-09-2017 - 01:31
Published 29-08-2008 - 18:41
Last modified 29-09-2017 - 01:31