Vulnerability Description
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Directory Server | 7.1 |
| Redhat | Fedora Directory Server | All versions |
Related Weaknesses (CWE)
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676Broken Link
- http://secunia.com/advisories/29761Broken Link
- http://secunia.com/advisories/29826Broken Link
- http://secunia.com/advisories/30114Broken Link
- http://www.redhat.com/support/errata/RHSA-2008-0199.htmlBroken Link
- http://www.redhat.com/support/errata/RHSA-2008-0201.htmlBroken Link
- http://www.securityfocus.com/bid/28802Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1019856Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2008/1449/referencesBroken Link
- https://bugzilla.redhat.com/show_bug.cgi?id=437301Issue TrackingVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41840Third Party AdvisoryVDB Entry
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.htmlThird Party Advisory
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.htmlThird Party Advisory
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676Broken Link
- http://secunia.com/advisories/29761Broken Link
FAQ
What is CVE-2008-0892?
CVE-2008-0892 is a vulnerability with a CVSS score of 9.0 (HIGH). The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
How severe is CVE-2008-0892?
CVE-2008-0892 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0892?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Directory Server, Redhat Fedora Directory Server.