CVE-2008-0892

Current Description

The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.

Basic Data

Published: April 16, 2008
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.0
Severity: HIGH
Exploitability Score: 8.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
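    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Redhat | Directory Server | 7.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Red Hat | Directory Server | 8 | el4 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Red Hat | Directory Server | 8 | el5 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Fedora Directory Server | * | * | * | * | * | * | * | * | | | | |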

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Redhat | Directory Server | 7.1 |
| Redhat | Fedora Directory Server | * |
| Red Hat | Directory Server | 8 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| HPSBUX02324 | HP | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676 | |
| 29761 | SECUNIA | http://secunia.com/advisories/29761 | |
| 29826 | SECUNIA | http://secunia.com/advisories/29826 | |
| 30114 | SECUNIA | http://secunia.com/advisories/30114 | |
| RHSA-2008:0199 | REDHAT | http://www.redhat.com/support/errata/RHSA-2008-0199.html | |
| RHSA-2008:0201 | REDHAT | http://www.redhat.com/support/errata/RHSA-2008-0201.html | |
| 28802 | BID | http://www.securityfocus.com/bid/28802 | |
| 1019856 | SECTRACK | http://www.securitytracker.com/id?1019856 | |
| ADV-2008-1449 | VUPEN | http://www.vupen.com/english/advisories/2008/1449/references | |
| https://bugzilla.redhat.com/show_bug.cgi?id=437301 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=437301 | |
| rhds-replmonitor-command-execution(41840) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/41840 | |
| FEDORA-2008-3214 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html | |
| FEDORA-2008-3220 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html | |