CVE-2008-2952 - Resource Management Errors vulnerability in OpenLDAP

Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |

Summary
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | OpenLDAP 2.3.41 BER Decoding Remote Denial of Service Vulnerability. CVE-2008-2952. DoS exploit for Linux platform |
id | EDB-ID:32000 |
last seen | 2016-02-03 |
modified | 2008-06-30 |
published | 2008-06-30 |
reporter | Cameron Hotchkies |
source | https://www.exploit-db.com/download/32000/ |
title | OpenLDAP <= 2.3.41 BER Decoding Remote Denial of Service Vulnerability |
Nessus
NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2008-0583.NASL |
description | From Red Hat Security Advisory 2008:0583 : Updated openldap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. (CVE-2008-2952) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67724 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67724 |
title | Oracle Linux 4 / 5 : openldap (ELSA-2008-0583) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2008-0583.NASL |
description | Updated openldap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. (CVE-2008-2952) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33490 |
published | 2008-07-15 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/33490 |
title | CentOS 4 / 5 : openldap (CESA-2008:0583) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2008-6062.NASL |
description | This update fixes CVE-2008-2952 - remote unauthenticated slapd DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33412 |
published | 2008-07-08 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/33412 |
title | Fedora 9 : openldap-2.4.8-6.fc9 (2008-6062) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2008-005.NASL |
description | The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-005 applied. This update contains security fixes for a number of programs. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33790 |
published | 2008-08-01 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/33790 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2008-005) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE9_12222.NASL |
description | This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which triggers an assertion error. (CVE-2008-2952) Additionally, a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation is active. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41232 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41232 |
title | SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12222) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1650.NASL |
description | Cameron Hotchkies discovered that the OpenLDAP server slapd, a free implementation of the Lightweight Directory Access Protocol, could be crashed by sending malformed ASN.1 requests. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34386 |
published | 2008-10-13 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/34386 |
title | Debian DSA-1650-1 : openldap2.3 - denial of service |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_OPENLDAP2-5511.NASL |
description | This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which triggers an assertion error. (CVE-2008-2952) Additionally, a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation is active. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34441 |
published | 2008-10-17 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34441 |
title | SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 5511) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2008-144.NASL |
description | A denial of service vulnerability was discovered in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon (CVE-2008-2952). The updated packages have been patched to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36770 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/36770 |
title | Mandriva Linux Security Advisory : openldap (MDVSA-2008:144) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2008-6029.NASL |
description | This update fixes CVE-2008-2952 - remote unauthenticated slapd DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33407 |
published | 2008-07-08 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/33407 |
title | Fedora 8 : openldap-2.3.39-4.fc8 (2008-6029) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2008-0583.NASL |
description | Updated openldap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. (CVE-2008-2952) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33475 |
published | 2008-07-10 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/33475 |
title | RHEL 4 / 5 : openldap (RHSA-2008:0583) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20080709_OPENLDAP_ON_SL4_X.NASL |
description | A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. (CVE-2008-2952) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60436 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60436 |
title | Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64 |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_OPENLDAP2-5509.NASL |
description | This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which triggers an assertion error. (CVE-2008-2952) Additionally, a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation is active. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34440 |
published | 2008-10-17 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34440 |
title | openSUSE 10 Security Update : openldap2 (openldap2-5509) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200808-09.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200808-09 (OpenLDAP: Denial of Service vulnerability). Cameron Hotchkies discovered an error within the parsing of ASN.1 BER encoded packets in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33855 |
published | 2008-08-10 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/33855 |
title | GLSA-200808-09 : OpenLDAP: Denial of Service vulnerability |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_OPENLDAP2-080813.NASL |
description | This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which triggers an assertion error. (CVE-2008-2952) Additionally, a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation is active. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40084 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40084 |
title | openSUSE Security Update : openldap2 (openldap2-145) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-634-1.NASL |
description | Cameron Hotchkies discovered that OpenLDAP did not correctly handle certain ASN.1 BER data. A remote attacker could send a specially crafted packet and crash slapd, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33809 |
published | 2008-08-04 |
reporter | Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/33809 |
title | Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : openldap2.2, openldap2.3 vulnerability (USN-634-1) |
Oval
accepted | 2013-04-29T04:07:32.516-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error. |
family | unix |
id | oval:org.mitre.oval:def:10662 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error. |
version | 27 |
Redhat
advisories | |
rpms | |
References
- http://secunia.com/advisories/30853
- http://www.securitytracker.com/id?1020405
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580
- http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
- http://www.ubuntu.com/usn/usn-634-1
- http://www.openwall.com/lists/oss-security/2008/07/01/2
- http://www.securityfocus.com/bid/30013
- http://secunia.com/advisories/31364
- http://security.gentoo.org/glsa/glsa-200808-09.xml
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00129.html
- http://secunia.com/advisories/31326
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00109.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:144
- http://www.openwall.com/lists/oss-security/2008/07/13/2
- http://secunia.com/advisories/31436
- http://secunia.com/advisories/30917
- http://www.redhat.com/support/errata/RHSA-2008-0583.html
- http://wiki.rpath.com/Advisories:rPSA-2008-0249
- https://issues.rpath.com/browse/RPL-2645
- http://www.debian.org/security/2008/dsa-1650
- http://secunia.com/advisories/32254
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
- http://secunia.com/advisories/32316
- http://secunia.com/advisories/30996
- http://www.zerodayinitiative.com/advisories/ZDI-08-052/
- http://www.vupen.com/english/advisories/2008/1978/references
- http://www.vupen.com/english/advisories/2008/2268
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43515
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10662
- http://www.securityfocus.com/archive/1/495320/100/0/threaded
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580%3Bselectid=5580