Vulnerabilities > CVE-2008-2930 - Resource Management Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 7 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Red Hat 8/9 Directory Server Crafted Search Pattern Denial of Service Vulnerability. CVE-2008-2930. Dos exploit for linux platform |
| id | EDB-ID:32304 |
| last seen | 2016-02-03 |
| modified | 2008-08-27 |
| published | 2008-08-27 |
| reporter | Ulf Weltman |
| source | https://www.exploit-db.com/download/32304/ |
| title | Red Hat 8/9 - Directory Server Crafted Search Pattern Denial of Service Vulnerability |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2008-7813.NASL description This is the release of Fedora Directory Server 1.1.2. Security issues addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed above, this release fixes the following list of bugs: https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_reso lved=0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34175 published 2008-09-12 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34175 title Fedora 9 : fedora-ds-base-1.1.2-1.fc9 (2008-7813) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-7813. # include("compat.inc"); if (description) { script_id(34175); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2008-2930", "CVE-2008-3283"); script_bugtraq_id(30871, 30872); script_xref(name:"FEDORA", value:"2008-7813"); script_name(english:"Fedora 9 : fedora-ds-base-1.1.2-1.fc9 (2008-7813)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This is the release of Fedora Directory Server 1.1.2. Security issues addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed above, this release fixes the following list of bugs: https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_reso lved=0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=454065" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=458977" ); # https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_resolved=0 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?15485138" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014052.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0d5203e7" ); script_set_attribute( attribute:"solution", value:"Update the affected fedora-ds-base package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fedora-ds-base"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC9", reference:"fedora-ds-base-1.1.2-1.fc9")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fedora-ds-base"); }NASL family Fedora Local Security Checks NASL id FEDORA_2008-7891.NASL description This is the release of Fedora Directory Server 1.1.2. Security issues addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed above, this release fixes the following list of bugs: https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_reso lved=0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34178 published 2008-09-12 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34178 title Fedora 8 : fedora-ds-base-1.1.2-1.fc8 (2008-7891) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-7891. # include("compat.inc"); if (description) { script_id(34178); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2008-2930", "CVE-2008-3283"); script_bugtraq_id(30871, 30872); script_xref(name:"FEDORA", value:"2008-7891"); script_name(english:"Fedora 8 : fedora-ds-base-1.1.2-1.fc8 (2008-7891)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This is the release of Fedora Directory Server 1.1.2. Security issues addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed above, this release fixes the following list of bugs: https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_reso lved=0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=454065" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=458977" ); # https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_resolved=0 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?15485138" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014239.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e408ddeb" ); script_set_attribute( attribute:"solution", value:"Update the affected fedora-ds-base package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fedora-ds-base"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"fedora-ds-base-1.1.2-1.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fedora-ds-base"); }
Oval
| accepted | 2015-04-20T04:02:29.798-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| description | Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:6078 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2008-09-02T12:41:14.000-04:00 | ||||||||||||||||||||
| title | HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS) | ||||||||||||||||||||
| version | 45 |
Redhat
| advisories |
| ||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 30871 CVE ID: CVE-2008-2930 CNCVE ID:CNCVE-20082930 Red Hat Directory Server是一款LDAPv3兼容的目录服务程序。 Red Hat Directory Server处理特殊模式的LDAP搜索请求存在缺陷,远程攻击者可以利用漏洞使服务程序消耗大量CPU时间造成拒绝服务攻击。 LDAP搜索模式在内部转换为规则表达式,能访问LDAP服务的远程攻击者可以建立搜索请求,当搜索模式匹配特殊构建的数据记录时,可导致目录服务器使用大量CPU时间。目录服务器没有对这些搜索请求的时间进行强制限制。 RedHat Directory Server 8 EL 5 RedHat Directory Server 8 EL 4 RedHat Directory Server 7.1 SP6 RedHat Directory Server 7.1 SP5 RedHat Directory Server 7.1 SP4 RedHat Directory Server 7.1 SP3 RedHat Directory Server 7.1 SP2 RedHat Directory Server 7.1 SP1 RedHat Directory Server 7.1 可参考如下安全公告获得补丁信息: <a href=http://rhn.redhat.com/errata/RHSA-2008-0596.html target=_blank>http://rhn.redhat.com/errata/RHSA-2008-0596.html</a> |
| id | SSV:3930 |
| last seen | 2017-11-19 |
| modified | 2008-08-28 |
| published | 2008-08-28 |
| reporter | Root |
| title | Red Hat Directory Server特殊构建的搜索模式拒绝服务漏洞 |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861
- http://secunia.com/advisories/31565
- http://secunia.com/advisories/31627
- http://secunia.com/advisories/31702
- http://secunia.com/advisories/31867
- http://securitytracker.com/id?1020773
- http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html
- http://www.redhat.com/support/errata/RHSA-2008-0602.html
- http://www.redhat.com/support/errata/RHSA-2008-0858.html
- http://www.securityfocus.com/bid/30871
- http://www.vupen.com/english/advisories/2008/2480
- https://bugzilla.redhat.com/show_bug.cgi?id=454065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44733
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6078
- https://rhn.redhat.com/errata/RHSA-2008-0596.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00521.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00708.html