Vulnerability Description
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Directory Server | 7.1 |
| Redhat | Fedora Directory Server | 1.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30181 (Broken Link)
- http://secunia.com/advisories/30185 (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2008-0268.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2008-0269.html (Third Party Advisory)
- http://www.securityfocus.com/bid/29126 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1020001 (Third Party Advisory, VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=444712 (Issue Tracking, Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42332 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2008-1677?
CVE-2008-1677 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary c...
How severe is CVE-2008-1677?
CVE-2008-1677 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1677?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Directory Server, Redhat Fedora Directory Server.