Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/bid/29126 | third party advisory vdb entry |
| http://www.securitytracker.com/id?1020001 | third party advisory vdb entry |
| http://www.redhat.com/support/errata/RHSA-2008-0268.html | third party advisory vendor advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=444712 | third party advisory issue tracking |
| http://secunia.com/advisories/30185 | third party advisory broken link |
| http://secunia.com/advisories/30181 | third party advisory broken link |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42332 | third party advisory vdb entry |
| http://www.redhat.com/support/errata/RHSA-2008-0269.html | third party advisory vendor advisory |