CVSS: 10.0EPSS: 59%CPEs: 6EXPL: 0CVE-2008-2928 – Server: CGI accept language buffer overflow
https://notcve.org/view.php?id=CVE-2008-2928
Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header. Múltiples desbordamiento de búfer en la biblioteca adminutil de aplicaciones CGI en Red Hat Directory Server 7.1 anteriores a SP7, permiten a atacantes remotos provocar una denegación de servicio (caída de demonio) o posiblemente ejecución arbitraria de código a través de una cabecera http Accept languaje manipulada. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861 http://secunia.com/advisories/31565 http://secunia.com/advisories/31702 http://secunia.com/advisories/31777 http://securitytracker.com/id?1020771 http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html http://www.securityfocus.com/bid/30869 http://www.vupen.com/english/advisories/2008/2480 https://bugzilla.redhat.com/show_bug.cgi?id=453916 https://exchange.xforce.ibmcloud.com/vu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 7EXPL: 0CVE-2008-1677 – Server: insufficient buffer size for search patterns
https://notcve.org/view.php?id=CVE-2008-1677
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression. Desbordamiento de búfer en el controlador de expresiones regulares de Red Hat Directory Server 8.0 y 7.1 anterior a SP6 permite a atacantes remotos provocar una denegación de servicio (caída de slapd) y posiblemente ejecutar código de su elección mediante una consulta LDAP manipulada que dispara el desbordamiento durante la traducción a una expresión regular. • http://secunia.com/advisories/30181 http://secunia.com/advisories/30185 http://www.redhat.com/support/errata/RHSA-2008-0268.html http://www.redhat.com/support/errata/RHSA-2008-0269.html http://www.securityfocus.com/bid/29126 http://www.securitytracker.com/id?1020001 https://bugzilla.redhat.com/show_bug.cgi?id=444712 https://exchange.xforce.ibmcloud.com/vulnerabilities/42332 https://access.redhat.com/security/cve/CVE-2008-1677 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-0892 – Server: shell command injection in CGI replication monitor
https://notcve.org/view.php?id=CVE-2008-0892
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands. Las secuencias de comandos CGI Replication Monitor (monitor de duplicación) en Red Hat Administration Server, como lo usan Red Hat Directory Server 8.0 EL4 y EL5, permite a atacantes remotos ejecutar comandos de su elección. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676 http://secunia.com/advisories/29761 http://secunia.com/advisories/29826 http://secunia.com/advisories/30114 http://www.redhat.com/support/errata/RHSA-2008-0199.html http://www.redhat.com/support/errata/RHSA-2008-0201.html http://www.securityfocus.com/bid/28802 http://www.securitytracker.com/id?1019856 http://www.vupen.com/english/advisories/2008/1449/references https://bugzilla.redhat.com/show_bug.cg • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0893 – Server: unrestricted access to CGI scripts
https://notcve.org/view.php?id=CVE-2008-0893
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions. Red Hat Administration Server, tal como se utiliza por Red Hat Directory Server 8.0 EL4 and EL5, no restringe el acceso correctamente a scripts CGI, lo cual permite a atacantes remotos llevar a cabo acciones administrativas. • http://secunia.com/advisories/29761 http://secunia.com/advisories/29826 http://www.redhat.com/support/errata/RHSA-2008-0201.html http://www.securityfocus.com/bid/28802 http://www.securitytracker.com/id?1019857 https://bugzilla.redhat.com/show_bug.cgi?id=437320 https://exchange.xforce.ibmcloud.com/vulnerabilities/41843 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html https:/&#x • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2008-0889 – server: insecure permissions on fedora/redhat-idm-console
https://notcve.org/view.php?id=CVE-2008-0889
Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script. Red Hat Directory Server 8.0, ejecutado en Red Hat Enterprise Linux, usa permisos no seguros para la secuencia de comandos redhat-idm-console lo que permite a usuarios locales ejecutar código de su elección mediante la modificación de la secuencia de comandos. • http://secunia.com/advisories/29482 http://www.redhat.com/support/errata/RHSA-2008-0191.html http://www.securityfocus.com/bid/28327 http://www.securitytracker.com/id?1019677 https://access.redhat.com/security/cve/CVE-2008-0889 https://bugzilla.redhat.com/show_bug.cgi?id=436107 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •