Headline
CVE-2008-1677: 444712 – (CVE-2008-1677) CVE-2008-1677 Directory Server: insufficient buffer size for search patterns
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
Description Tomas Hoger 2008-04-30 08:22:40 UTC
Nathan Kinder discovered that Red Hat / Fedora Directory Server uses fixed-size buffer for storing regular expressions used in LDAP searches. This buffer can overflow when search pattern from user-supplied LDAP request is translated into a regular expression, resulting in a slapd daemon crash, or, possibly, arbitrary code execution. This issue can be triggered by any user permitted to perform LDAP searches, including anonymous user if anonymous access is permitted by ACLs (permitted by default).
Affected versions: Red Hat Directory Server 7.1 Red Hat Directory Server 8 Fedora Directory Server 1.1