Info

Disclosure

Dec 06, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 06, 2010

Description

389 Directory Server is prone to an overflow condition. The UUID generator fails to properly sanitize user-supplied input resulting in an overflow. This may allow a remote attacker to cause a denial of service or execute arbitrary code. No further details have been provided.

Classification

Location: Location Unknown
Attack Type: Input Manipulation
Impact: Impact Unknown
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 1.2.7.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Red Hat, Inc.

389 Directory Server

1.2.11.5

References

Vendor URL: http://port389.org/wiki/Main_Page
Vendor Specific News/Changelog Entry: http://port389.org/wiki/Release_Notes
https://bugzilla.redhat.com/show_bug.cgi?id=197886

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84083