Title: Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities

Severity: MODERATE

Description:

Red Hat Directory Server is an LDAPv3-compliant authentication solution.

Directory Server is prone to multiple remote denial-of-service vulnerabilities due to memory leaks. An attacker may exploit these issues during the authentication / bind phases of an LDAP session or by making LDAP search requests. These issues include LDAP search requests made anonymously.

Successful attacks may allow the attacker to crash the application, denying access to legitimate users.

Directory Server 7.1, 8 EL4, and 8 EL5 are vulnerable.

Affected Products:

RedHat Directory Server 7.1
RedHat Directory Server 7.1 SP1
RedHat Directory Server 7.1 SP2
RedHat Directory Server 7.1 SP3
RedHat Directory Server 7.1 SP4
RedHat Directory Server 7.1 SP5
RedHat Directory Server 7.1 SP6
RedHat Directory Server 8 EL 4
RedHat Directory Server 8 EL 5

References:

Red Hat: RHSA-2008:0596-18 Red Hat Directory Server 7.1 Service Pack 7 security update
Red Hat: RHSA-2008:0602-13 Moderate: redhat-ds-base and redhat-ds-admin security and bug
Red Hat: Red Hat Directory Server Homepage

J-Security Center

Title: Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities

Severity: MODERATE

Description:

Affected Products:

References: