CVE 2008-2952
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
Related bugs and status
CVE-2008-2952 (Candidate) is related to these bugs:
Bug #229252: [SRU]slapd gssapi failure - apparmor profile doesn't support kerberos gssapi
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 229252 | [SRU]slapd gssapi failure - apparmor profile doesn't support kerberos gssapi | openldap (Ubuntu) | Undecided | Fix Released | ||
| 229252 | [SRU]slapd gssapi failure - apparmor profile doesn't support kerberos gssapi | openldap (Ubuntu Hardy) | Undecided | Fix Released | ||
| 229252 | [SRU]slapd gssapi failure - apparmor profile doesn't support kerberos gssapi | openldap (Ubuntu Intrepid) | Undecided | Fix Released | ||
Bug #249878: CVE-2008-2952: BER Decoding Remote DoS Vulnerability
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap2.2 (Ubuntu) | Undecided | Invalid | ||
| 249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap2.2 (Ubuntu Dapper) | Medium | Fix Released | ||
| 249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap2.3 (Ubuntu) | Medium | Fix Released | ||
| 249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap2.3 (Ubuntu Dapper) | Medium | Fix Released | ||
| 249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap (Ubuntu) | Undecided | Fix Released | ||
| 249878 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap (Ubuntu Dapper) | Undecided | Invalid | ||
Bug #250465: CVE-2008-2952: BER Decoding Remote DoS Vulnerability
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 250465 | CVE-2008-2952: BER Decoding Remote DoS Vulnerability | openldap2.3 (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
