Bug 444712 - (CVE-2008-1677) CVE-2008-1677 Directory Server: insufficient buffer size for search patterns
CVE-2008-1677 Directory Server: insufficient buffer size for search patterns
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Red Hat Product Security
: Reopened, Security
Depends On: 182621 443955 444715 444716 444718 445808 445809 445810
  Show dependency treegraph
Reported: 2008-04-30 04:22 EDT by Tomas Hoger
Modified: 2012-04-26 08:57 EDT (History)
5 users (show)

See Also:
Fixed In Version: 1.1.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-03-22 10:41:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2008-04-30 04:22:40 EDT
Nathan Kinder discovered that Red Hat / Fedora Directory Server uses fixed-size
buffer for storing regular expressions used in LDAP searches.  This buffer can
overflow when search pattern from user-supplied LDAP request is translated into
a regular expression, resulting in a slapd daemon crash, or, possibly, arbitrary
code execution.  This issue can be triggered by any user permitted to perform
LDAP searches, including anonymous user if anonymous access is permitted by ACLs
(permitted by default).

Affected versions:
Red Hat Directory Server 7.1
Red Hat Directory Server 8
Fedora Directory Server 1.1

Note You need to log in before you can comment on or make changes to this bug.