| Vulnerability Name: | CVE-2008-3283 (CCN-44731) |
| Assigned: | 2008-08-27 |
| Published: | 2008-08-27 |
| Updated: | 2017-09-29 |
| Summary: | Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
| CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C); 5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C); 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C) |
| Vulnerability Type: | CWE-399 |
| Vulnerability Consequences: | Denial of Service |
| References: | Source: MITRE Type: CNA CVE-2008-3283 |
| | Source: CCN Type: HP Security Bulletin HPSBUX02354 SSRT080113 rev.1 HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS) |
| | Source: HP Type: UNKNOWN SSRT080113 |
| | Source: CCN Type: RHSA-2008-0596 Critical: Red Hat Directory Server 7.1 Service Pack 7 security update |
| | Source: CCN Type: RHSA-2008-0602 Moderate: redhat-ds-base and redhat-ds-admin security and bug fix update |
| | Source: CCN Type: RHSA-2008-0858 Moderate: redhat-ds-base security and bug fix update |
| | Source: CCN Type: SA31565 Red Hat Directory Server Multiple Vulnerabilities |
| | Source: SECUNIA Type: UNKNOWN 31565 |
| | Source: CCN Type: SA31627 Red Hat Directory Server Denial of Service Vulnerabilities |
| | Source: SECUNIA Type: UNKNOWN 31627 |
| | Source: CCN Type: SA31702 HP-UX update for Netscape / Red Hat Directory Server |
| | Source: SECUNIA Type: UNKNOWN 31702 |
| | Source: SECUNIA Type: UNKNOWN 31867 |
| | Source: CCN Type: SA31913 Fedora Directory Server Denial of Service Vulnerabilities |
| | Source: SECUNIA Type: UNKNOWN 31913 |
| | Source: CCN Type: SECTRACK ID: 1020774 Red Hat Directory Server Memory Leaks Let Remote Users Deny Service |
| | Source: SECTRACK Type: UNKNOWN 1020774 |
| | Source: CCN Type: Red Hat Web site Red Hat Directory Server |
| | Source: CONFIRM Type: Patch http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html |
| | Source: REDHAT Type: UNKNOWN RHSA-2008:0602 |
| | Source: REDHAT Type: UNKNOWN RHSA-2008:0858 |
| | Source: BID Type: Patch 30872 |
| | Source: CCN Type: BID-30872 Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities |
| | Source: VUPEN Type: UNKNOWN ADV-2008-2480 |
| | Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=458977 |
| | Source: XF Type: UNKNOWN rhds-leaks-dos(44731) |
| | Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6118 |
| | Source: REDHAT Type: UNKNOWN RHSA-2008:0596 |
| | Source: FEDORA Type: UNKNOWN FEDORA-2008-7813 |
| | Source: FEDORA Type: UNKNOWN FEDORA-2008-7891 |