CVE-2008-0890 — Incorrect Permission Assignment in Redhat Directory Server

CWE-264 CWE-732 — Incorrect Permission Assignment5 documents5 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 80.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Directory Server

Timeline

PublishedMar 12

Latest updateMay 1

Description

Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/directory_server7.1

🔴Vulnerability Details

GHSA

GHSA-pj65-cvc7-46r9: Red Hat Directory Server 7↗2022-05-01

▶

CVEList

CVE-2008-0890: Red Hat Directory Server 7↗2008-03-12

▶

📋Vendor Advisories

Red Hat

7.1: insecure default permissions on jars directory↗2008-03-11

▶

💬Community

Bugzilla

CVE-2008-0890 DirServ 7.1: insecure default permissions on jars directory↗2008-03-05

▶