CVE-2008-0889Incorrect Permission Assignment in Redhat Directory Server

CWE-264CWE-732Incorrect Permission Assignment6 documents5 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 79.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Directory Server
Timeline
PublishedMar 20
Latest updateMay 1

Description

Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: www.redhat.comPatch: www.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-33j4-pwcw-qh87: Red Hat Directory Server 82022-05-01
CVEList
CVE-2008-0889: Red Hat Directory Server 82008-03-20

📋Vendor Advisories

1
Red Hat
server: insecure permissions on fedora/redhat-idm-console2008-03-19

💬Community

2
Bugzilla
CVE-2008-0889 directory server: insecure permissions on fedora/redhat-idm-console2008-03-05
Bugzilla
CVE-2008-0890 DirServ 7.1: insecure default permissions on jars directory2008-03-05
CVE-2008-0889 — Incorrect Permission Assignment | cvebase