CVE-2008-1677 – Server: insufficient buffer size for search patterns

https://notcve.org/view.php?id=CVE-2008-1677

Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression. Desbordamiento de búfer en el controlador de expresiones regulares de Red Hat Directory Server 8.0 y 7.1 anterior a SP6 permite a atacantes remotos provocar una denegación de servicio (caída de slapd) y posiblemente ejecutar código de su elección mediante una consulta LDAP manipulada que dispara el desbordamiento durante la traducción a una expresión regular. • http://secunia.com/advisories/30181 http://secunia.com/advisories/30185 http://www.redhat.com/support/errata/RHSA-2008-0268.html http://www.redhat.com/support/errata/RHSA-2008-0269.html http://www.securityfocus.com/bid/29126 http://www.securitytracker.com/id?1020001 https://bugzilla.redhat.com/show_bug.cgi?id=444712 https://exchange.xforce.ibmcloud.com/vulnerabilities/42332 https://access.redhat.com/security/cve/CVE-2008-1677 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •