PT-2008-4368 · Red Hat+2 · Red Hat Directory Server+2
Ulf Weltman · Published 2008-08-29 · Updated 2017-09-29 · CVE-2008-2930
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Red Hat Directory Server versions 7.1 before SP7
Red Hat Directory Server version 8
Fedora Directory Server version 1.1.1
Description
The issue allows remote attackers to cause a denial of service, resulting in CPU consumption and search outage, via crafted LDAP search requests with patterns. This is related to a single-threaded regular-expression subsystem.
Recommendations
For Red Hat Directory Server versions 7.1 before SP7, update to SP7 or later to resolve the issue.
For Red Hat Directory Server version 8, consider restricting access to the LDAP search functionality until a patch is available.
For Fedora Directory Server version 1.1.1, restrict access to the vulnerable regular-expression subsystem to minimize the risk of exploitation.
Exploit
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Fedora Directory Server
Hp-Ux
Red Hat Directory Server