Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-2952
Last Modified: 11 Oct 2011 12:00:00
Published: 01 Jul 2008 05:41:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-2952

Summary

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.

Vulnerable Systems

Application

  • Openldap 2.2.4

  • Openldap 2.2.5

  • Openldap 2.2.6

  • Openldap 2.2.7

  • Openldap 2.2.8

  • Openldap 2.2.9

  • Openldap 2.3.10

  • Openldap 2.3.11

  • Openldap 2.3.12

  • Openldap 2.3.13

  • Openldap 2.3.14

  • Openldap 2.3.15

  • Openldap 2.3.16

  • Openldap 2.3.17

  • Openldap 2.3.18

  • Openldap 2.3.19

  • Openldap 2.3.20

  • Openldap 2.3.21

  • Openldap 2.3.22

  • Openldap 2.3.23

  • Openldap 2.3.24

  • Openldap 2.3.25

  • Openldap 2.3.26

  • Openldap 2.3.27

  • Openldap 2.3.28

  • Openldap 2.3.29

  • Openldap 2.3.30

  • Openldap 2.3.31

  • Openldap 2.3.32

  • Openldap 2.3.33

  • Openldap 2.3.34

  • Openldap 2.3.35

  • Openldap 2.3.36

  • Openldap 2.3.37

  • Openldap 2.3.38

  • Openldap 2.3.39

  • Openldap 2.3.4

  • Openldap 2.3.40

  • Openldap 2.3.41

  • Openldap 2.3.42

  • Openldap 2.3.43

  • Openldap 2.3.5

  • Openldap 2.3.6

  • Openldap 2.3.7

  • Openldap 2.3.8

  • Openldap 2.3.9

  • Openldap 2.4.10


References

FEDORA - FEDORA-2008-6062

FEDORA - FEDORA-2008-6029

CONFIRM - https://issues.rpath.com/browse/RPL-2645

XF - openldap-bergetnext-dos(43515)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-052/

VUPEN - ADV-2008-2268

VUPEN - ADV-2008-1978

UBUNTU - USN-634-1

SECTRACK - 1020405

BID - 30013

BUGTRAQ - 20080811 rPSA-2008-0249-1 openldap openldap-clients openldap-servers

REDHAT - RHSA-2008:0583

MLIST - [oss-security] 20080713 Re: openldap DoS

MLIST - [oss-security] 20080701 Re: [oss-security] openldap DoS

CONFIRM - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580

CONFIRM - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580

MANDRIVA - MDVSA-2008:144

DEBIAN - DSA-1650

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0249

GENTOO - GLSA-200808-09

SECUNIA - 32316

SECUNIA - 32254

SECUNIA - 31436

SECUNIA - 31364

SECUNIA - 31326

SECUNIA - 30996

SECUNIA - 30917

SECUNIA - 30853

SUSE - SUSE-SR:2008:021

APPLE - APPLE-SA-2008-07-31

Related Patches

Apple 2008-07-31 Security Update 2008-005 (PPC)

Apple 2008-07-31 Security Update 2008-005 Server (PPC)

Apple 2008-07-31 Security Update 2008-005 (Leopard)

Apple 2008-07-31 Security Update 2008-005 (Intel)

Apple 2008-07-31 Security Update 2008-005 Server (Intel)

Novell SUSE 2008:5511 openldap2 security update for SLE 10 i586


Last Updated: 27 May 2016 10:48:02