Bug 444712 (CVE-2008-1677) - CVE-2008-1677 Directory Server: insufficient buffer size for search patterns
Status: CLOSED ERRATA
Alias: CVE-2008-1677
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 182621 443955 444715 444716 444718 445808 445809 445810
Reported: 2008-04-30 08:22 UTC by Tomas Hoger
Modified: 2019-09-29 12:24 UTC (History)

Fixed In Version: 1.1.1
Doc Type: Bug Fix
Last Closed: 2012-03-22 14:41:29 UTC
Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2008:0268 | 0 | normal | SHIPPED_LIVE | Critical: Red Hat Directory Server 7.1 Service Pack 6 security update | 2008-05-09 17:23:36 UTC
Red Hat Product Errata | RHSA-2008:0269 | 0 | normal | SHIPPED_LIVE | Critical: redhat-ds-base security update | 2008-05-09 17:23:32 UTC

Description Tomas Hoger 2008-04-30 08:22:40 UTC
Nathan Kinder discovered that Red Hat / Fedora Directory Server uses a fixed-size
buffer for storing regular expressions used in LDAP searches.  This buffer can
overflow when a search pattern from a user-supplied LDAP request is translated into
a regular expression, resulting in a slapd daemon crash, or, possibly, arbitrary
code execution.  This issue can be triggered by any user permitted to perform
LDAP searches, including an anonymous user if anonymous access is permitted by ACLs
(permitted by default).

Affected versions:
Red Hat Directory Server 7.1
Red Hat Directory Server 8
Fedora Directory Server 1.1
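
The defect class described above, as an added example that is not part of the original report and is not Directory Server source code: translating a substring filter into a regular expression can roughly double the input length, so the output buffer has to be sized from the input rather than fixed. The function names, the parts[] layout and the metacharacter set are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers, not Directory Server code. parts[] holds the pieces of
 * one substring filter: parts[0] = initial, parts[n-1] = final (either may be
 * NULL when absent), everything in between = "any" components. */

/* Worst case: every value byte gets a '\' escape (2 bytes) and every piece
 * adds a 2-byte ".*" joiner; 3 more for '^', '$' and the terminating NUL. */
static size_t regex_size_needed(const char *const *parts, size_t n)
{
    size_t need = 3;
    for (size_t i = 0; i < n; i++) {
        size_t len = parts[i] ? strlen(parts[i]) : 0;
        if (need > SIZE_MAX - 2 || len > (SIZE_MAX - 2 - need) / 2)
            return 0;                          /* size arithmetic would wrap */
        need += 2 * len + 2;
    }
    return need;
}

/* Returns a malloc'd regex sized from the input, or NULL on error. */
char *filter_to_regex(const char *const *parts, size_t n)
{
    size_t need = n ? regex_size_needed(parts, n) : 0;
    char *out = need ? malloc(need) : NULL;
    if (!out)
        return NULL;
    char *p = out;
    for (size_t i = 0; i < n; i++) {
        if (i > 0) { *p++ = '.'; *p++ = '*'; } /* '*' wildcard in the filter */
        else if (parts[0]) *p++ = '^';         /* anchored initial piece */
        for (const char *s = parts[i]; s && *s; s++) {
            if (strchr(".*[]\\^$+?(){}|", *s))
                *p++ = '\\';                   /* one input byte becomes two */
            *p++ = *s;
        }
    }
    if (parts[n - 1]) *p++ = '$';              /* anchored final piece */
    *p = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: initial "a.b", one "any" piece "c*", no final. */
    const char *parts[] = { "a.b", "c*", NULL };
    char *re = filter_to_regex(parts, 3);
    if (re) puts(re);
    free(re);
    return 0;
}
```
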

