Red Hat Directory Server vulnerabilities
26 known vulnerabilities affecting redhat/directory_server.
Total CVEs: 26
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 7, MEDIUM 12, LOW 5
Vulnerabilities
Page 2 of 2
CVE-2008-2929 [MEDIUM] CVSS 4.3 | CWE-79 | v7.1, v8.0 | 2008-08-29
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use %
nvd
CVE-2008-1677 [HIGH] CVSS 7.5 | CWE-120 | v7.1, v8.0 | 2008-05-12
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
nvd
CVE-2008-0892 [CRITICAL] CVSS 9.0 | CWE-20 | v7.1, v8 | 2008-04-16
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
nvd
CVE-2008-0893 [HIGH] CVSS 7.5 | CWE-264 | v8.0 | 2008-04-16
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.
nvd
CVE-2008-0889 [LOW] CVSS 2.1 | CWE-264 | v8.0 | 2008-03-20
Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script.
nvd
CVE-2008-0890 [MEDIUM] CVSS 4.6 | CWE-264 | ≤ 7.1 | 2008-03-12
Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors.
nvd