Vulnerabilities > CVE-2011-0022 - Resource Management Errors vulnerability in multiple products

CVSS 4.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

fedoraproject

redhat

CWE-399

NVD

Published: 2011-02-23

Updated: 2011-03-31

Summary

The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.

Vulnerable Configurations

Part	Description	Count
Application	Fedoraproject Fedoraproject 389 Directory Server 1.2.1 Fedoraproject 389 Directory Server 1.2.2 Fedoraproject 389 Directory Server 1.2.3 Fedoraproject 389 Directory Server 1.2.5 Fedoraproject 389 Directory Server 1.2.6 Fedoraproject 389 Directory Server 1.2.6.1 Fedoraproject 389 Directory Server 1.2.7 Fedoraproject 389 Directory Server 1.2.7.5 Fedoraproject 389 Directory Server 1.2.8	22
Application	Redhat Redhat Directory Server 8.2 Redhat Directory Server 8.2.3	2

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Redhat

advisories

rhsa

id	RHSA-2011:0293

rpms

redhat-ds-admin-0:8.2.1-1.el4dsrv
redhat-ds-admin-0:8.2.1-1.el5dsrv
redhat-ds-admin-debuginfo-0:8.2.1-1.el4dsrv
redhat-ds-admin-debuginfo-0:8.2.1-1.el5dsrv
redhat-ds-base-0:8.2.4-1.el4dsrv
redhat-ds-base-0:8.2.4-1.el5dsrv
redhat-ds-base-debuginfo-0:8.2.4-1.el4dsrv
redhat-ds-base-debuginfo-0:8.2.4-1.el5dsrv
redhat-ds-base-devel-0:8.2.4-1.el4dsrv
redhat-ds-base-devel-0:8.2.4-1.el5dsrv

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Redhat

References