CERT-In Vulnerability Note CIVN-2008-151
Buffer-Overflow Vulnerability in HTTP Unescaping Functions in Red Hat Fedora Directory Server
Original Issue Date: October 06, 2008
Severity Rating: High
Systems Affected
Overview
A buffer-overflow vulnerability has been reported in the "HTTP unescaping" functions in the adminutil library, which could be exploited by an attacker to cause a Denial of Service.
Description
A vulnerability has been reported in the HTTP unescaping functions in the adminutil library. It exists because the HTTP unescaping functions improperly handle character-encoded input.
An attacker could exploit this vulnerability by sending a specially crafted request to CGI scripts in Fedora Directory Server to execute arbitrary code in the context of the affected application.
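The defensive pattern for this class of bug, shown as an added example (it is not adminutil's code and is not taken from the vendor fix): a percent-decoder that validates each hex digit before consuming it and checks the output capacity before every write. The names `safe_unescape`, `hex_val` and `fail`, the `+`-to-space rule and the rejection of `%00` are assumptions of this example.

```c
#include <stddef.h>

/* Hypothetical helper: value of one hex digit, or -1 if not a hex digit. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Clear the output so a caller that ignores the error sees no partial data. */
static long fail(char *out)
{
    out[0] = '\0';
    return -1;
}

/*
 * Hypothetical hardened decoder: copies NUL-terminated `in` to `out`,
 * decoding %XX escapes. `cap` is the full size of `out`, terminator included.
 * Returns the decoded length, or -1 on a malformed escape, a %00 escape,
 * or insufficient space.
 */
long safe_unescape(const char *in, char *out, size_t cap)
{
    size_t o = 0;

    if (in == NULL || out == NULL || cap == 0) return -1;
    for (size_t i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '%') {
            /* Test the first digit before reading the second: a '%' at the
             * end of the string then never indexes past the terminator. */
            int hi = hex_val((unsigned char)in[i + 1]);
            if (hi < 0) return fail(out);
            int lo = hex_val((unsigned char)in[i + 2]);
            if (lo < 0) return fail(out);
            c = (unsigned char)(hi * 16 + lo);
            if (c == 0) return fail(out);   /* %00 would truncate the C string */
            i += 2;
        } else if (c == '+') {
            c = ' ';                        /* form-encoding convention */
        }
        if (o + 1 >= cap) return fail(out); /* always keep room for the NUL */
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return (long)o;
}
```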
Solution
Upgrade to the latest version of adminutil (1.1.7 or later) as provided by the vendor:
http://directory.fedoraproject.org/wiki/AdminUtil
Vendor Information
Fedora
http://directory.fedoraproject.org/wiki/AdminUtil
References
RedHat
https://bugzilla.redhat.com/show_bug.cgi?id=454662
http://www.redhat.com/directory_server/
SecurityFocus
http://www.securityfocus.com/bid/31106/references
X-Force
http://xforce.iss.net/xforce/xfdb/45203
CVE Name
CVE-2008-2932
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
