Table of Contents
Advertisement
Release Notes
Bug Number
Alternate ID
454328
454621
245248
454658
CVE-
2008-2929
458171
458506
CVE-
2008-3283
458692
458977
458507
CVE-
2008-3283
458692
458977
458510
CVE-
2008-3283
10
Description
web services to quit functioning and crash the server. A remote
attacker with access to the Administration Server web interface
could exploit the flaw to crash those CGIs or, possibly, to ex-
ecute arbitrary code with the privileges of the Administration
Server, which typically runs as the root user on the host ma-
chine.
This has been fixed.
The Directory Server crashed on some looping operations,
such as recursively adding groups as members to other groups
(Group A becomes a member of Group B, which becomes a
member of Group C, and so on). Because the stack size for
64-bit systems was hard-coded to 256KB, relatively small
loops could still overflow the stack.
This has been fixed.
The Directory Server Gateway and Administration Server Ex-
press interfaces had scripting issues cause by improperly pars-
ing a percent (%)-escaped value provided by a user. A remote
attacker could exploit this flaw to execute cross-site attacks
against Directory Server users or administrators who used
those web services.
These errors have been fixed.
On HP-UX, when running an approximate search, the search
code could return an error code 3, which corresponds to the
LDAP error code for exceeding the search time limit. This
meant that an appropximate search could end prematurely with
a timeout error, even though the time limit had not been
reached.
This error has been fixed.
There was a memory leak error in the SASL bind code. This
error was difficult to trigger in real-world scenarios because it
required sending a 0-valued password for a SASL bind, but it
could be triggered by an anonymous user.
This error has been fixed.
There was a memory leak error when changing the password
storage scheme. This error could only be triggered by an ad-
min user, not an anonymous user.
This error has been fixed.
There was a memory leak error when a user attempted to
change a password; if the given DN for the password change
Advertisement
Table of Contents
Related Manuals for Red Hat DIRECTORY SERVER 7.1 SP7 - RELEASE NOTES
Related Products for Red Hat DIRECTORY SERVER 7.1 SP7 - RELEASE NOTES
- Red Hat DIRECTORY SERVER 2.0 - GATEWAY
- Red Hat DIRECTORY SERVER 7.1
- Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR
- Red Hat DIRECTORY SERVER 7.1 - DEPLOYMENT
- Red Hat DIRECTORY SERVER 7.1 - GATEWAY CUSTOMIZATION
- Red Hat DIRECTORY SERVER 7.1 - PLUG-IN PROGRAMMERS
- Red Hat DIRECTORY SERVER 8.0
- Red Hat DIRECTORY SERVER 8.1 - 11-01-2010