CVE 2008-2952
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
Related bugs and status
CVE-2008-2952 (Candidate) is related to these bugs:
Bug #229252: [SRU]slapd gssapi failure - apparmor profile doesn't support kerberos gssapi
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
229252 | [SRU]slapd gssapi failure - apparmor profile doesn't support kerberos gssapi | openldap (Ubuntu) | Undecided | Fix Released | ||
229252 | [SRU]slapd gssapi failure - apparmor profile doesn't support kerberos gssapi | openldap (Ubuntu Hardy) | Undecided | Fix Released | ||
229252 | [SRU]slapd gssapi failure - apparmor profile doesn't support kerberos gssapi | openldap (Ubuntu Intrepid) | Undecided | Fix Released |
Bug #249878: CVE-2008-2952: BER Decoding Remote DoS Vulnerability
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap2.2 (Ubuntu) | Undecided | Invalid | ||
249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap2.2 (Ubuntu Dapper) | Medium | Fix Released | ||
249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap2.3 (Ubuntu) | Medium | Fix Released | ||
249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap2.3 (Ubuntu Dapper) | Medium | Fix Released | ||
249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap (Ubuntu) | Undecided | Fix Released | ||
249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap (Ubuntu Dapper) | Undecided | Invalid |
Bug #250465: CVE-2008-2952: BER Decoding Remote DoS Vulnerability
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
250465 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap2.3 (Ubuntu) | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.