CVE-2008-2930 – RedHat 8/9 - Directory Server Crafted Search Pattern Denial of Service
https://notcve.org/view.php?id=CVE-2008-2930
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem. Red Hat Directory Server 7.1 anteriores al SP7, Red Hat Directory Server 8, y Fedora Directory Server 1.1.1 permiten a atacantes remotos provocar una denegación de servicio (consumo de CPU y agotamiento de búsqueda) a través de una petición de búsqueda LDAP manipulada con patrones, relativos a los subsistemas de hilo-simple y expresión-regular. • https://www.exploit-db.com/exploits/32304 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861 http://secunia.com/advisories/31565 http://secunia.com/advisories/31627 http://secunia.com/advisories/31702 http://secunia.com/advisories/31867 http://securitytracker.com/id?1020773 http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html http://www.redhat.com/support/errata/RHSA-2008-0602.html http://www.redhat.com/support/errata/RHSA& • CWE-399: Resource Management Errors •
CVE-2008-3283 – Server: multiple memory leaks
https://notcve.org/view.php?id=CVE-2008-3283
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. Múltiples fugas de memoria en Red Hat Directory Server 7.1 anteriores al SP7, Red Hat Directory Server 8, y Fedora Directory Server 1.1.1 y anteriores, permiten a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de vectores que involucran: (1) la fase de autenticación/asignación y (2) peticiones de búsqueda LDAP anónimas. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861 http://secunia.com/advisories/31565 http://secunia.com/advisories/31627 http://secunia.com/advisories/31702 http://secunia.com/advisories/31867 http://secunia.com/advisories/31913 http://securitytracker.com/id?1020774 http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html http://www.redhat.com/support/errata/RHSA-2008-0602.html http://www.redhat.com/support/errata/RHSA-2008-0 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2008-0890 – 7.1: insecure default permissions on jars directory
https://notcve.org/view.php?id=CVE-2008-0890
Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors. Red Hat Directory Server 7.1 anterior al SP4 usa permisos inseguros para ciertos directorios, lo que permite a usuarios locales modificar archivos JAR y ejecutar código de su elección mediante vectores no especificados. • http://secunia.com/advisories/29350 http://www.redhat.com/support/errata/RHSA-2008-0173.html http://www.securityfocus.com/bid/28204 http://www.securitytracker.com/id?1019577 https://exchange.xforce.ibmcloud.com/vulnerabilities/41152 https://access.redhat.com/security/cve/CVE-2008-0890 https://bugzilla.redhat.com/show_bug.cgi?id=436116 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2004-0826
https://notcve.org/view.php?id=CVE-2004-0826
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. • http://marc.info/?l=bugtraq&m=109351293827731&w=2 http://www.securityfocus.com/bid/11015 http://xforce.iss.net/xforce/alerts/id/180 https://exchange.xforce.ibmcloud.com/vulnerabilities/16314 •
CVE-2001-0164
https://notcve.org/view.php?id=CVE-2001-0164
Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. • http://www.atstake.com/research/advisories/2001/a030701-1.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/6233 •