Signature Detail

HTTP: Red Hat Directory Server Accept-Language HTTP Header Parsing Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Red Hat Directory Server. It is due to improper data validation in the Administrator Web Interface component. A remote attacker can trigger this by sending crafted HTTP request to the affected service, potentially injecting and executing arbitrary code with root level privileges. In a successful sophisticated code injection attack, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service. In an attack case where code injection is not successful, the affected CGI application terminates abnormally.

Extended Description

Red Hat Directory Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions. NOTE: The Administration Server of Directory Server usually runs with superuser privileges. The following are affected: - Red Hat Directory Server 7.1 - Versions prior to 'adminutil' 1.1.7

Affected Products

• HP HP-UX 11.11.0
• HP HP-UX 11.23.0
• HP HP-UX 11.31
• Red Hat Directory Server 7.1
• Red Hat Directory Server 7.1 SP1
• Red Hat Directory Server 7.1 SP2
• Red Hat Directory Server 7.1 SP3
• Red Hat Directory Server 7.1 SP4
• Red Hat Directory Server 7.1 SP5
• Red Hat Directory Server 7.1 SP6
• Red Hat Fedora 8
• Red Hat Fedora 9

References

• BugTraq: 30869
• CVE: CVE-2008-2928