CVE-2008-0892 - OpenCVE

The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Directory Server Fedora Directory Server

Configuration 1 [-]

OR	cpe:2.3:a:redhat:directory_server:7.1:::::::*
	cpe:2.3:o:redhat:directory_server:8:el4::::::
	cpe:2.3:o:redhat:directory_server:8:el5::::::
	cpe:2.3:o:redhat:fedora_directory_server::::::::

References

Link	Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676	Broken Link
http://secunia.com/advisories/29761	Broken Link
http://secunia.com/advisories/29826	Broken Link
http://secunia.com/advisories/30114	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0199.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0201.html	Broken Link
http://www.securityfocus.com/bid/28802	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1019856	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/1449/references	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=437301	Issue Tracking Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41840	Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2008-04-16T18:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-02-21T00:00:00

Link: CVE-2008-0892

JSON object: View

NVD Information

Status : Analyzed

Published: 2008-04-16T18:05:00.000

Modified: 2022-02-03T19:56:28.037

Link: CVE-2008-0892

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "rhds-replmonitor-command-execution(41840)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41840"}, {"name": "FEDORA-2008-3220", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"}, {"name": "HPSBUX02324", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676"}, {"name": "30114", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30114"}, {"name": "1019856", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019856"}, {"name": "28802", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28802"}, {"name": "SSRT080034", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676"}, {"name": "RHSA-2008:0201", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"}, {"name": "FEDORA-2008-3214", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"}, {"name": "ADV-2008-1449", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1449/references"}, {"name": "RHSA-2008:0199", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0199.html"}, {"name": "29761", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29761"}, {"name": "29826", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29826"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437301"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-0892", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "rhds-replmonitor-command-execution(41840)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41840"}, {"name": "FEDORA-2008-3220", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"}, {"name": "HPSBUX02324", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676"}, {"name": "30114", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30114"}, {"name": "1019856", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019856"}, {"name": "28802", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28802"}, {"name": "SSRT080034", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676"}, {"name": "RHSA-2008:0201", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"}, {"name": "FEDORA-2008-3214", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"}, {"name": "ADV-2008-1449", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1449/references"}, {"name": "RHSA-2008:0199", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0199.html"}, {"name": "29761", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29761"}, {"name": "29826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29826"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=437301", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437301"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-0892", "datePublished": "2008-04-16T18:00:00", "dateReserved": "2008-02-21T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:directory_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "ABADB3F7-AD65-4E62-BEA5-782539911B6B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:directory_server:8:el4:*:*:*:*:*:*", "matchCriteriaId": "1C61BA21-1EC5-412D-83E1-AF939169D702", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:directory_server:8:el5:*:*:*:*:*:*", "matchCriteriaId": "E4C96B58-E323-4609-BC88-5D5BFA9D3E55", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:fedora_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6DB2E5A-9A1C-4A29-BCB7-A7E8C661D394", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands."}, {"lang": "es", "value": "Las secuencias de comandos CGI Replication Monitor (monitor de duplicaci\u00f3n) en Red Hat Administration Server, como lo usan Red Hat Directory Server 8.0 EL4 y EL5, permite a atacantes remotos ejecutar comandos de su elecci\u00f3n."}], "id": "CVE-2008-0892", "lastModified": "2022-02-03T19:56:28.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-16T18:05:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29761"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29826"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/30114"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0199.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28802"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1019856"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/1449/references"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437301"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41840"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}