Red Hat Directory Server CGI scripts security bypass
| rhds-cgiscripts-security-bypass (41843) |  Medium Risk |
Description:
Red Hat Directory Server could allow a remote attacker from within the local network to bypass security restrictions, caused by the improper restricting of CGI scripts. An attacker with access to TCP port 9830 could exploit this vulnerability and bypass security restrictions to obtain sensitive information and perform other arbitrary tasks on the vulnerable system.
Platforms Affected:
- RedHat, Directory Server 8
Remedy:
Refer to RHSA-2008:0201-4 for patch, upgrade or suggested workaround information. See References.
Consequences:
Bypass Security
References:
- BID-28802: Red Hat 'redhat-ds-admin' Shell Command Injection and Security Bypass Vulnerabilities
- CVE-2008-0893: Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.
- RHSA-2008-0201: Critical: redhat-ds-admin security update
- SA29761: Red Hat update for redhat-ds-admin
- SECTRACK ID: 1019857: Red Hat Directory Server Lets Remote Users Access Administrative CGI Scripts
Reported:
Apr 15, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net