10
CVE-2008-2928
- EPSS 6.64%
- Veröffentlicht 29.08.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Directory Server Version7.1 Updatesp1
Redhat ≫ Directory Server Version7.1 Updatesp2
Redhat ≫ Directory Server Version7.1 Updatesp3
Redhat ≫ Directory Server Version7.1 Updatesp4
Redhat ≫ Directory Server Version7.1 Updatesp5
Redhat ≫ Directory Server Version7.1 Updatesp6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.64% | 0.93 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861
http://secunia.com/advisories/31565
http://secunia.com/advisories/31702
http://secunia.com/advisories/31777
http://securitytracker.com/id?1020771
http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html
http://www.securityfocus.com/bid/30869
http://www.vupen.com/english/advisories/2008/2480
https://bugzilla.redhat.com/show_bug.cgi?id=453916
https://exchange.xforce.ibmcloud.com/vulnerabilities/44738
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5865
https://rhn.redhat.com/errata/RHSA-2008-0596.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00218.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00449.html