CVE-2008-2930 - Resource Management Errors vulnerability in multiple products

CVSS: 7.1 - HIGH
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
Tags: network, fedora, redhat, CWE-399, nessus, exploit available

Summary

Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.

Vulnerable Configurations

Part         Description  Count
Application  Fedora       1
Application  Redhat       7

Common Weakness Enumeration (CWE)

Exploit-Db

description: Red Hat 8/9 Directory Server Crafted Search Pattern Denial of Service Vulnerability. CVE-2008-2930. DoS exploit for Linux platform
id: EDB-ID:32304
last seen: 2016-02-03
modified: 2008-08-27
published: 2008-08-27
reporter: Ulf Weltman
source: https://www.exploit-db.com/download/32304/
title: Red Hat 8/9 - Directory Server Crafted Search Pattern Denial of Service Vulnerability

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-7813.NASL
    description: This is the release of Fedora Directory Server 1.1.2. Security issues addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed above, this release fixes the following list of bugs: https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_resolved=0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34175
    published: 2008-09-12
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34175
    title: Fedora 9 : fedora-ds-base-1.1.2-1.fc9 (2008-7813)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-7813.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34175);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:28");
    
      script_cve_id("CVE-2008-2930", "CVE-2008-3283");
      script_bugtraq_id(30871, 30872);
      script_xref(name:"FEDORA", value:"2008-7813");
    
      script_name(english:"Fedora 9 : fedora-ds-base-1.1.2-1.fc9 (2008-7813)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This is the release of Fedora Directory Server 1.1.2. Security issues
    addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed
    above, this release fixes the following list of bugs:
    https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_reso
    lved=0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=454065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=458977"
      );
      # https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_resolved=0
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?15485138"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014052.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0d5203e7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected fedora-ds-base package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fedora-ds-base");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC9", reference:"fedora-ds-base-1.1.2-1.fc9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fedora-ds-base");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-7891.NASL
    description: This is the release of Fedora Directory Server 1.1.2. Security issues addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed above, this release fixes the following list of bugs: https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_resolved=0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34178
    published: 2008-09-12
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34178
    title: Fedora 8 : fedora-ds-base-1.1.2-1.fc8 (2008-7891)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-7891.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34178);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:28");
    
      script_cve_id("CVE-2008-2930", "CVE-2008-3283");
      script_bugtraq_id(30871, 30872);
      script_xref(name:"FEDORA", value:"2008-7891");
    
      script_name(english:"Fedora 8 : fedora-ds-base-1.1.2-1.fc8 (2008-7891)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This is the release of Fedora Directory Server 1.1.2. Security issues
    addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed
    above, this release fixes the following list of bugs:
    https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_reso
    lved=0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=454065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=458977"
      );
      # https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_resolved=0
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?15485138"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014239.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e408ddeb"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected fedora-ds-base package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fedora-ds-base");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC8", reference:"fedora-ds-base-1.1.2-1.fc8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fedora-ds-base");
    }
    

Oval

accepted: 2015-04-20T04:02:29.798-04:00
class: vulnerability
contributors:
  • name: Michael Wood
    organization: Hewlett-Packard
  • name: Sushant Kumar Singh
    organization: Hewlett-Packard
  • name: Prashant Kumar
    organization: Hewlett-Packard
  • name: Mike Cokus
    organization: The MITRE Corporation
description: Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.
family: unix
id: oval:org.mitre.oval:def:6078
status: accepted
submitted: 2008-09-02T12:41:14.000-04:00
title: HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)
version: 45

Redhat

advisories:
  • rhsa
    id: RHSA-2008:0596
  • rhsa
    id: RHSA-2008:0602
  • rhsa
    id: RHSA-2008:0858
rpms:
  • redhat-ds-0:7.1SP7-14.RHEL3
  • redhat-ds-0:7.1SP7-14.RHEL4
  • redhat-ds-admin-0:8.0.4-3.el4dsrv
  • redhat-ds-admin-0:8.0.4-3.el5dsrv
  • redhat-ds-admin-debuginfo-0:8.0.4-3.el4dsrv
  • redhat-ds-admin-debuginfo-0:8.0.4-3.el5dsrv
  • redhat-ds-base-0:8.0.4-7.el4dsrv
  • redhat-ds-base-0:8.0.4-7.el5dsrv
  • redhat-ds-base-debuginfo-0:8.0.4-7.el4dsrv
  • redhat-ds-base-debuginfo-0:8.0.4-7.el5dsrv
  • redhat-ds-base-devel-0:8.0.4-7.el4dsrv
  • redhat-ds-base-devel-0:8.0.4-7.el5dsrv

Seebug

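bulletinFamily: exploit
description: BUGTRAQ ID: 30871 CVE ID: CVE-2008-2930 CNCVE ID: CNCVE-20082930 Red Hat Directory Server is an LDAPv3-compliant directory service. Red Hat Directory Server has a flaw in how it handles LDAP search requests containing special patterns; a remote attacker can exploit it to make the service consume a large amount of CPU time, resulting in a denial of service. LDAP search patterns are converted internally into regular expressions. A remote attacker with access to the LDAP service can construct a search request such that, when the search pattern is matched against specially constructed data records, the directory server uses a large amount of CPU time. The directory server does not enforce a time limit on these search requests. Affected versions: RedHat Directory Server 8 EL 5, RedHat Directory Server 8 EL 4, RedHat Directory Server 7.1 SP6, RedHat Directory Server 7.1 SP5, RedHat Directory Server 7.1 SP4, RedHat Directory Server 7.1 SP3, RedHat Directory Server 7.1 SP2, RedHat Directory Server 7.1 SP1, RedHat Directory Server 7.1. Refer to the following security advisory for patch information: http://rhn.redhat.com/errata/RHSA-2008-0596.html
id: SSV:3930
last seen: 2017-11-19
modified: 2008-08-28
published: 2008-08-28
reporter: Root
title: Red Hat Directory Server Crafted Search Pattern Denial of Service Vulnerability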