CVE Vulnerability

CVE-2008-1677

Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=444712 Issue Tracking Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0268.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0269.html Third Party Advisory
http://www.securityfocus.com/bid/29126 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020001 Third Party Advisory VDB Entry
http://secunia.com/advisories/30181 Broken Link
http://secunia.com/advisories/30185 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/42332 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:redhat:directory_server:7.1:sp4:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp2:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp5:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp3:*:*:*:*:*:*
cpe:2.3:a:redhat:fedora_directory_server:1.1:*:*:*:*:*:*:*
Information

Published : 2008-05-12 04:20

Updated : 2022-02-03 07:56

NVD link : CVE-2008-1677

Mitre link : CVE-2008-1677

Products Affected
No products.
CWE
CWE-120