Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Red Hat Administration Server Repl-monitor-cgi Shell Command Injection Vulnerability

Date Discovered: 04/16/2008
Severity: High
Applications Affected Redhat Directory Server 8.0 and previous
Synopsis
Shell Command Injection Vulnerability has been identified in the Redhat Directory Server before 8.0.
Recommended Actions
Upgrade with latest patch.
http://rhn.redhat.com/errata/RHSA-2008-0201.html
Threat Analysis
Red hat administrator server is used by redhat directory server for configuration purpose. Redhat directory server provides all the directory related services like read, write access to the directories in a managed and secured environment.

A Shell Command Injection Vulnerability has been identified in Red Hat Directory Server 8 and prior. This issue is due to a failure in the repl-monitor-cgi.pl script to properly sanitize user-supplied input through admurl parameter.An attacker can take advantage of this issue to execute arbitrary shell commands.
References

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0892
http://secunia.com/advisories/29761
http://www.securityfocus.com/bid/28802/discuss
http://securitytracker.com/alerts/2008/Apr/1019856.html
http://xforce.iss.net/xforce/xfdb/41840
Write-up by: Vinod Sharma
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Product Division of Tech Mahindra Limited | Privacy Policy | Site Map