Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Directory_server | Redhat | * | 7.1 (including) |
| Red Hat Directory Server 7.1 for RHEL 3 | RedHat | redhat-ds-0:7.1SP4-7.RHEL3 | * |
| Red Hat Directory Server 7.1 for RHEL 4 | RedHat | redhat-ds-0:7.1SP4-7.RHEL4 | * |
References
- http://secunia.com/advisories/29350
- http://www.redhat.com/support/errata/RHSA-2008-0173.html
- http://www.securityfocus.com/bid/28204
- http://www.securitytracker.com/id?1019577
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41152
- http://secunia.com/advisories/29350
- http://www.redhat.com/support/errata/RHSA-2008-0173.html
- http://www.securityfocus.com/bid/28204
- http://www.securitytracker.com/id?1019577
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41152