CERT-In Vulnerability Note CIVN-2008-51
Multiple Vulnerabilities in Red Hat Directory Server

Original Issue Date: May 01, 2008

Severity Rating: High

System Affected

  • Red Hat Directory Server 8 EL 4 & EL 5
  • Red Hat Directory Server 7.1 prior to SP4

Overview

Multiple vulnerabilities have been reported in Red Hat Directory Server which could be exploited by a remote attacker to execute arbitrary code and disclose sensitive information on the affected system.

Description

1. Input Validation Flaw in 'repl-monitor-cgi.pl'
   (CVE-2008-0892)

A vulnerability has been reported in the repl-monitor-cgi.pl CGI script: input is not properly sanitized before being used in a "system()" call. The vulnerability could be exploited by a remote attacker to run arbitrary code on the affected system.
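
The class of flaw described in item 1, shown as an added example that is not code from repl-monitor-cgi.pl or from Red Hat: a request value interpolated into a single-string system() call, beside a hardened form that validates the value and uses list-form system(). The parameter name "host", the helper command "echo" and the sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration; NOT the code of repl-monitor-cgi.pl.
# The parameter name "host" and the helper command are hypothetical.
use strict;
use warnings;
$| = 1;    # keep our output in order with the child's output

# Pattern described in the note: request data interpolated into one string.
# Single-argument system() hands that string to /bin/sh, so shell
# metacharacters in the value are interpreted by the shell.
sub build_unsafe_command {
    my ($host) = @_;
    return "echo checking $host";    # would be passed as system($cmd)
}

# Hardened form, step 1: allowlist validation of the request value.
sub validate_host {
    my ($host) = @_;
    return undef unless defined $host;
    # Letters, digits, dots and hyphens only. \A and \z anchor the whole
    # value; unlike $, \z does not tolerate a trailing newline.
    return $host =~ /\A([A-Za-z0-9][A-Za-z0-9.-]{0,253})\z/ ? $1 : undef;
}

# Hardened form, step 2: list-form system() runs the program directly,
# with no shell involved, so each argument is passed through verbatim.
sub run_check {
    my ($host) = @_;
    my $clean = validate_host($host);
    return 'rejected' unless defined $clean;
    # 'echo' stands in for the real helper program (assumption).
    my $rc = system('echo', 'checking', $clean);
    return $rc == 0 ? 'ok' : 'failed';
}

# Constructed sample inputs: one valid value and two that must be refused.
my @samples = ('ldap1.example.com',
               'ldap1.example.com; echo injected',
               "ldap1.example.com\n");
for my $value (@samples) {
    (my $shown = $value) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-36s => %s\n", "'$shown'", run_check($value);
    # What a shell would have received from the unsafe pattern (not executed):
    (my $cmd = build_unsafe_command($value)) =~ s/\n/\\n/g;
    print "    unsafe string: $cmd\n";
}
```

Validation and list-form system() are independent controls; either one alone leaves less margin than both together.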

2. CGI scripts security bypass (CVE-2008-0893)

A vulnerability has been reported in Directory Server: a CGI script is not properly sanitized. The vulnerability could be exploited by a remote attacker to run arbitrary code on the affected system.

Solution

Upgrade to Directory Server 7.1 Service Pack 5
Upgrades to Directory Server 8
These updates are available via Red Hat Network.


Vendor Information

Red Hat
http://www.redhat.com/support/errata/RHSA-2008-0201.html
http://www.redhat.com/support/errata/RHSA-2008-0199.html

References

Secunia
http://secunia.com/advisories/29761

Security Focus
http://www.securityfocus.com/bid/28802

CVE-Name
CVE-2008-0892
CVE-2008-0893

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003