CVE-2008-3283

Current Description

Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.

Basic Data

Published: August 29, 2008
Last Modified: September 29, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-399
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.8
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
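    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Fedora | Directory Server | 1.1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Redhat | Directory Server | 7.1 | sp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Redhat | Directory Server | 7.1 | sp2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Redhat | Directory Server | 7.1 | sp3 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Redhat | Directory Server | 7.1 | sp4 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Redhat | Directory Server | 7.1 | sp5 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Redhat | Directory Server | 7.1 | sp6 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Redhat | Directory Server | 8.0 | * | * | * | * | * | * | * | | | | |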

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Fedora | Directory Server | 1.1.1 |
| Redhat | Directory Server | 7.1, 8.0 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| SSRT080113 | HP | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861 | |
| 31565 | SECUNIA | http://secunia.com/advisories/31565 | |
| 31627 | SECUNIA | http://secunia.com/advisories/31627 | |
| 31702 | SECUNIA | http://secunia.com/advisories/31702 | |
| 31867 | SECUNIA | http://secunia.com/advisories/31867 | |
| 31913 | SECUNIA | http://secunia.com/advisories/31913 | |
| 1020774 | SECTRACK | http://securitytracker.com/id?1020774 | |
| http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html | CONFIRM | http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html | Patch |
| RHSA-2008:0602 | REDHAT | http://www.redhat.com/support/errata/RHSA-2008-0602.html | |
| RHSA-2008:0858 | REDHAT | http://www.redhat.com/support/errata/RHSA-2008-0858.html | |
| 30872 | BID | http://www.securityfocus.com/bid/30872 | Patch |
| ADV-2008-2480 | VUPEN | http://www.vupen.com/english/advisories/2008/2480 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=458977 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=458977 | |
| rhds-leaks-dos(44731) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/44731 | |
| oval:org.mitre.oval:def:6118 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6118 | |
| RHSA-2008:0596 | REDHAT | https://rhn.redhat.com/errata/RHSA-2008-0596.html | |
| FEDORA-2008-7813 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00521.html | |
| FEDORA-2008-7891 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00708.html | |