Vulnerabilities > CVE-2008-3283 - Resource Management Errors vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
fedora
redhat
CWE-399
nessus

Summary

Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.

Vulnerable Configurations

Part Description Count
Application
Fedora
1
Application
Redhat
7

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-7813.NASL
    descriptionThis is the release of Fedora Directory Server 1.1.2. Security issues addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed above, this release fixes the following list of bugs: https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_reso lved=0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34175
    published2008-09-12
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34175
    titleFedora 9 : fedora-ds-base-1.1.2-1.fc9 (2008-7813)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-7813.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34175);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:28");
    
      script_cve_id("CVE-2008-2930", "CVE-2008-3283");
      script_bugtraq_id(30871, 30872);
      script_xref(name:"FEDORA", value:"2008-7813");
    
      script_name(english:"Fedora 9 : fedora-ds-base-1.1.2-1.fc9 (2008-7813)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This is the release of Fedora Directory Server 1.1.2. Security issues
    addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed
    above, this release fixes the following list of bugs:
    https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_reso
    lved=0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=454065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=458977"
      );
      # https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_resolved=0
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?15485138"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014052.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0d5203e7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected fedora-ds-base package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fedora-ds-base");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC9", reference:"fedora-ds-base-1.1.2-1.fc9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fedora-ds-base");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-7891.NASL
    descriptionThis is the release of Fedora Directory Server 1.1.2. Security issues addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed above, this release fixes the following list of bugs: https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_reso lved=0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34178
    published2008-09-12
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34178
    titleFedora 8 : fedora-ds-base-1.1.2-1.fc8 (2008-7891)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-7891.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34178);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:28");
    
      script_cve_id("CVE-2008-2930", "CVE-2008-3283");
      script_bugtraq_id(30871, 30872);
      script_xref(name:"FEDORA", value:"2008-7891");
    
      script_name(english:"Fedora 8 : fedora-ds-base-1.1.2-1.fc8 (2008-7891)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This is the release of Fedora Directory Server 1.1.2. Security issues
    addressed: CVE-2008-2930 CVE-2008-3283 In addition to the CVEs listed
    above, this release fixes the following list of bugs:
    https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_reso
    lved=0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=454065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=458977"
      );
      # https://bugzilla.redhat.com/showdependencytree.cgi?id=452721&hide_resolved=0
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?15485138"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014239.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e408ddeb"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected fedora-ds-base package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fedora-ds-base");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC8", reference:"fedora-ds-base-1.1.2-1.fc8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fedora-ds-base");
    }
    

Oval

accepted2015-04-20T04:02:30.681-04:00
classvulnerability
contributors
  • nameMichael Wood
    organizationHewlett-Packard
  • nameSushant Kumar Singh
    organizationHewlett-Packard
  • nameSushant Kumar Singh
    organizationHewlett-Packard
  • namePrashant Kumar
    organizationHewlett-Packard
  • nameMike Cokus
    organizationThe MITRE Corporation
descriptionMultiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.
familyunix
idoval:org.mitre.oval:def:6118
statusaccepted
submitted2008-09-02T12:41:14.000-04:00
titleHP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)
version45

Redhat

advisories
  • rhsa
    idRHSA-2008:0596
  • rhsa
    idRHSA-2008:0602
  • rhsa
    idRHSA-2008:0858
rpms
  • redhat-ds-0:7.1SP7-14.RHEL3
  • redhat-ds-0:7.1SP7-14.RHEL4
  • redhat-ds-admin-0:8.0.4-3.el4dsrv
  • redhat-ds-admin-0:8.0.4-3.el5dsrv
  • redhat-ds-admin-debuginfo-0:8.0.4-3.el4dsrv
  • redhat-ds-admin-debuginfo-0:8.0.4-3.el5dsrv
  • redhat-ds-base-0:8.0.4-7.el4dsrv
  • redhat-ds-base-0:8.0.4-7.el5dsrv
  • redhat-ds-base-debuginfo-0:8.0.4-7.el4dsrv
  • redhat-ds-base-debuginfo-0:8.0.4-7.el5dsrv
  • redhat-ds-base-devel-0:8.0.4-7.el4dsrv
  • redhat-ds-base-devel-0:8.0.4-7.el5dsrv
  • redhat-ds-base-0:8.0.4-7.el5dsrv
  • redhat-ds-base-debuginfo-0:8.0.4-7.el5dsrv
  • redhat-ds-base-devel-0:8.0.4-7.el5dsrv

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 30872 CVE ID: CVE-2008-3283 CNCVE ID:CNCVE-20083283 Red Hat Directory Server是一款LDAPv3兼容的目录服务程序。 Red Hat Directory Server存在多个内存泄漏问题,远程攻击者可以利用漏洞使目录服务器消耗大量内存,可能导致应用程序崩溃或不可期的终止。 目前没有详细漏洞细节提供。 RedHat Directory Server 8 EL 5 RedHat Directory Server 8 EL 4 RedHat Directory Server 7.1 SP6 RedHat Directory Server 7.1 SP5 RedHat Directory Server 7.1 SP4 RedHat Directory Server 7.1 SP3 RedHat Directory Server 7.1 SP2 RedHat Directory Server 7.1 SP1 RedHat Directory Server 7.1 可参考如下安全公告获得补丁信息: <a href=http://rhn.redhat.com/errata/RHSA-2008-0596.html target=_blank>http://rhn.redhat.com/errata/RHSA-2008-0596.html</a>
idSSV:3933
last seen2017-11-19
modified2008-08-28
published2008-08-28
reporterRoot
titleRed Hat Directory Server LDAP内存泄漏拒绝服务漏洞