Red Hat DIRECTORY SERVER 7.1 SP7 - RELEASE NOTES Release Note page 9

Bug Number
Alternate ID
440333
448831
CVE-2008-2930
454065
450973
452169
453916
413531
453921
CVE-2008-2928
Description
for the masters, replication could not be easily restarted. The
severity of the problem increased with the number of updates
made to the Directory Server.
This has been fixed.
There were uninitialized variables in plug-ins for logging and
access controls. These have been fixed.
A flaw in the way the Directory Server handled LDAP search
requests using patterns could allow a remote attacker to cause
the Directory Server to use large amounts of CPU time. Pattern
searches were not restricted by normal directory search time
limits. If the attacker had access to LDAP service, he could
create a search request with a search pattern that matched
specially-crafted data records, running searches without time
limits and consuming CPU time.
The Directory Server has been updated to apply the
nsslapd-timelimit attribute to the pattern search query
run time. This attribute has a default limit of 3600 seconds (one
hour). To shorten the time limit, modify the nsslapd-timelimit
parameter in cn=config. For example:
ldapmodify -D "cn=Directory Manager" -w password
dn: cn=config
changetype: modify
replace: nsslapd-timelimit
nsslapd-timelimit: 30
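Added example, not part of the release notes or of Red Hat's code: a shell check that reads an LDIF export of the server configuration, unfolds continued lines, and reports whether nsslapd-timelimit in cn=config is within a ceiling. The function names, the 60-second ceiling and the sample LDIF are assumptions constructed for illustration; a value of -1 is treated as "no limit", which is how the server interprets it.

```shell
#!/bin/sh
# Added example: audit nsslapd-timelimit in an LDIF export of cn=config.
# Function names and the 60-second ceiling are assumptions, not vendor values.

sample_ldif() {   # constructed sample; the attribute line is folded on purpose
cat <<'EOF'
dn: cn=config
objectClass: top
nsslapd-sizelimit: 2000
nsslapd-timeli
 mit: 3600

dn: cn=config,cn=ldbm database,cn=plugins,cn=config
nsslapd-lookthroughlimit: 5000
EOF
}

# audit_timelimit [MAX_OK] < ldif
# Prints "ok N", "too-high N", "unlimited" or "unset"; returns 0 only for "ok".
audit_timelimit() {
    max_ok=${1:-60}
    result=$(awk -v max="$max_ok" '
        # LDIF folding: a line starting with one space continues the previous one.
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) process(buf); buf = $0 }
        END { process(buf); print (found ? verdict : "unset") }
        function process(line,    v) {
            sub(/\r$/, "", line)
            if (line == "") { in_cfg = 0; return }        # blank line ends an entry
            if (tolower(line) ~ /^dn:[ \t]*cn=config$/) { in_cfg = 1; return }
            if (in_cfg && tolower(line) ~ /^nsslapd-timelimit:/) {
                v = line; sub(/^[^:]*:[ \t]*/, "", v); found = 1
                if (v + 0 < 0)        verdict = "unlimited"    # -1 disables the limit
                else if (v + 0 > max) verdict = "too-high " v
                else                  verdict = "ok " v
            }
        }')
    printf "%s\n" "$result"
    case $result in ok\ *) return 0 ;; *) return 1 ;; esac
}

sample_ldif | audit_timelimit 60 || echo "review nsslapd-timelimit in cn=config"
```

An "unset" result means the export carries no explicit value, so the 3600-second default described above applies.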
Password policy attributes are not replicated by default.
However, if a password attribute such as accountunlocktime
was added to an entry, the server would attempt to replicate
that attribute, which would cause an error. Rather than
correctly processing the error, replication would fail.
This has been fixed.
In replication scenarios, if an attribute value was scheduled to
be deleted and also was indexed or had an attribute subtype
which was indexed, the Directory Server would crash during
the index operation.
This has been fixed.
Several Directory Server CGI applications were affected by a
buffer overflow flaw in the routine which parses Accept Language
HTTP headers. The web services could be configured
to allow acceptable language configurations which caused the
Bugs Fixed in Directory Server 7.1 SP7