CVE-2008-0892

Server: shell command injection in CGI replication monitor

Severity Score

9.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.

Las secuencias de comandos CGI Replication Monitor (monitor de duplicación) en Red Hat Administration Server, como lo usan Red Hat Directory Server 8.0 EL4 y EL5, permite a atacantes remotos ejecutar comandos de su elección.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-02-21 CVE Reserved
2008-04-16 CVE Published
2024-08-07 CVE Updated
2024-09-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (14)

URL	Tag	Source
http://secunia.com/advisories/29761	Broken Link
http://secunia.com/advisories/29826	Broken Link
http://secunia.com/advisories/30114	Broken Link
http://www.securityfocus.com/bid/28802	Third Party Advisory
http://www.securitytracker.com/id?1019856	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1449/references	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/41840	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676	2022-02-03
http://www.redhat.com/support/errata/RHSA-2008-0199.html	2022-02-03
http://www.redhat.com/support/errata/RHSA-2008-0201.html	2022-02-03
https://bugzilla.redhat.com/show_bug.cgi?id=437301	2008-04-15
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html	2022-02-03
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html	2022-02-03
https://access.redhat.com/security/cve/CVE-2008-0892	2008-04-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Directory Server Search vendor "Redhat" for product "Directory Server"				7.1 Search vendor "Redhat" for product "Directory Server" and version "7.1"		-		Affected
Redhat Search vendor "Redhat"		Directory Server Search vendor "Redhat" for product "Directory Server"				8 Search vendor "Redhat" for product "Directory Server" and version "8"		el4		Affected
Redhat Search vendor "Redhat"		Directory Server Search vendor "Redhat" for product "Directory Server"				8 Search vendor "Redhat" for product "Directory Server" and version "8"		el5		Affected
Redhat Search vendor "Redhat"		Fedora Directory Server Search vendor "Redhat" for product "Fedora Directory Server"				*		-		Affected