
J-Security Center


Title: Red Hat Directory Server Crafted Search Pattern Denial of Service Vulnerability

Severity: MODERATE

Description:

Red Hat Directory Server is an LDAPv3-compliant identity-management solution.

Red Hat Directory Server is prone to a denial-of-service vulnerability because the server fails to handle specially crafted search patterns. LDAP search patterns are translated to regular expressions, which can cause the server to iterate over very large quantities of states when matches are found.

An attacker can exploit this issue to consume CPU resources with one search request, effectively blocking additional search requests from executing. Legitimate users may be prevented from authenticating to network resources that use the affected server for authentication.

Red Hat Directory Server 7.1 and 8 are affected.
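As a detection aid for the behaviour described above, the following added example (not part of the original advisory or any vendor tooling) scans directory access-log lines for search filters with many wildcards in a single substring match. The log line shape, the sample lines, and the `MAX_WILDCARDS` threshold are assumptions; the advisory does not specify which patterns trigger the issue, so treat the wildcard count as a heuristic.

```python
import re

# Assumed access-log shape for search operations; adjust to your server's logs.
SRCH_RE = re.compile(r'conn=(?P<conn>\d+) op=(?P<op>\d+) SRCH .*?filter="(?P<filter>.*)" attrs=')
# One simple filter item, e.g. (cn=j*), with no nested parentheses in the value.
ITEM_RE = re.compile(r'\(([A-Za-z0-9;.\-]+)=([^()]*)\)')
MAX_WILDCARDS = 3  # hypothetical policy threshold, tune per environment

def wildcard_count(value):
    """Wildcards in one assertion value; RFC 4515 escapes a literal '*' as \\2a."""
    if value == "*":  # presence filter (attr=*), not a substring match
        return 0
    return value.count("*")

def score_filter(ldap_filter):
    """Highest wildcard count among the filter's items (0 if none)."""
    return max((wildcard_count(v) for _, v in ITEM_RE.findall(ldap_filter)), default=0)

def flag_searches(lines, limit=MAX_WILDCARDS):
    """Return (conn, op, filter, score) for SRCH lines whose score exceeds limit."""
    hits = []
    for line in lines:
        m = SRCH_RE.search(line)
        if not m:
            continue  # not a search operation
        score = score_filter(m["filter"])
        if score > limit:
            hits.append((int(m["conn"]), int(m["op"]), m["filter"], score))
    return hits

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '[02/Dec/2008:10:00:01 +0000] conn=11 op=1 SRCH base="dc=example,dc=com" '
    'scope=2 filter="(uid=jsmith)" attrs=ALL',
    '[02/Dec/2008:10:00:02 +0000] conn=11 op=2 SRCH base="dc=example,dc=com" '
    'scope=2 filter="(&(objectClass=*)(cn=j*))" attrs="cn mail"',
    '[02/Dec/2008:10:00:03 +0000] conn=12 op=1 SRCH base="dc=example,dc=com" '
    'scope=2 filter="(cn=*a*b*c*d*)" attrs=ALL',
    '[02/Dec/2008:10:00:04 +0000] conn=12 op=2 BIND dn="" method=128 version=3',
]

if __name__ == "__main__":
    for conn, op, flt, score in flag_searches(SAMPLE_LOG):
        print(f"conn={conn} op={op} wildcards={score} filter={flt}")
```

Flagged connections can then be correlated with CPU spikes on the directory server and with authentication failures on dependent services.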

Affected Products:

  • Red Hat Directory Server 7.1
  • Red Hat Directory Server 7.1 SP1
  • Red Hat Directory Server 7.1 SP2
  • Red Hat Directory Server 7.1 SP3
  • Red Hat Directory Server 7.1 SP4
  • Red Hat Directory Server 7.1 SP5
  • Red Hat Directory Server 7.1 SP6
  • Red Hat Directory Server 8 EL 4
  • Red Hat Directory Server 8 EL 5

References: