CVE-2008-2932

Current Description

Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via % (percent) encoded HTTP input to unspecified CGI scripts in Fedora Directory Server. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-2929.

Basic Data

Published: September 12, 2008
Last Modified: August 08, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Integrity Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    CPE Version: 2.3
    Part: Application
    Vendor: Redhat
    Product: Adminutil
    Version: 1.1.6
    Update / Edition / Language / SW Edition / Target SW / Target HW / Other: * (any)
    Version Start Including / Version End Including / Version Start Excluding / Version End Excluding: not set

Vulnerable Software List

Vendor  | Product   | Versions
Redhat  | Adminutil | 1.1.6

References

Name | Source | URL | Tags
31777 | SECUNIA | http://secunia.com/advisories/31777 | Vendor Advisory
31106 | BID | http://www.securityfocus.com/bid/31106 |
https://bugzilla.redhat.com/show_bug.cgi?id=454662 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=454662 |
redhat-adminutil-encoded-input-bo(45203) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/45203 |
FEDORA-2008-7642 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00218.html |
FEDORA-2008-7339 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00449.html |