ID CVE-2008-2952
Summary liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
References
Vulnerable Configurations
  • cpe:2.3:a:openldap:openldap:2.2.4
    cpe:2.3:a:openldap:openldap:2.2.4
  • cpe:2.3:a:openldap:openldap:2.2.5
    cpe:2.3:a:openldap:openldap:2.2.5
  • cpe:2.3:a:openldap:openldap:2.2.6
    cpe:2.3:a:openldap:openldap:2.2.6
  • cpe:2.3:a:openldap:openldap:2.2.7
    cpe:2.3:a:openldap:openldap:2.2.7
  • cpe:2.3:a:openldap:openldap:2.2.8
    cpe:2.3:a:openldap:openldap:2.2.8
  • cpe:2.3:a:openldap:openldap:2.2.9
    cpe:2.3:a:openldap:openldap:2.2.9
  • cpe:2.3:a:openldap:openldap:2.3.4
    cpe:2.3:a:openldap:openldap:2.3.4
  • cpe:2.3:a:openldap:openldap:2.3.5
    cpe:2.3:a:openldap:openldap:2.3.5
  • cpe:2.3:a:openldap:openldap:2.3.6
    cpe:2.3:a:openldap:openldap:2.3.6
  • cpe:2.3:a:openldap:openldap:2.3.7
    cpe:2.3:a:openldap:openldap:2.3.7
  • cpe:2.3:a:openldap:openldap:2.3.8
    cpe:2.3:a:openldap:openldap:2.3.8
  • cpe:2.3:a:openldap:openldap:2.3.9
    cpe:2.3:a:openldap:openldap:2.3.9
  • cpe:2.3:a:openldap:openldap:2.3.10
    cpe:2.3:a:openldap:openldap:2.3.10
  • cpe:2.3:a:openldap:openldap:2.3.11
    cpe:2.3:a:openldap:openldap:2.3.11
  • cpe:2.3:a:openldap:openldap:2.3.12
    cpe:2.3:a:openldap:openldap:2.3.12
  • cpe:2.3:a:openldap:openldap:2.3.13
    cpe:2.3:a:openldap:openldap:2.3.13
  • cpe:2.3:a:openldap:openldap:2.3.14
    cpe:2.3:a:openldap:openldap:2.3.14
  • cpe:2.3:a:openldap:openldap:2.3.15
    cpe:2.3:a:openldap:openldap:2.3.15
  • cpe:2.3:a:openldap:openldap:2.3.16
    cpe:2.3:a:openldap:openldap:2.3.16
  • cpe:2.3:a:openldap:openldap:2.3.17
    cpe:2.3:a:openldap:openldap:2.3.17
  • cpe:2.3:a:openldap:openldap:2.3.18
    cpe:2.3:a:openldap:openldap:2.3.18
  • cpe:2.3:a:openldap:openldap:2.3.19
    cpe:2.3:a:openldap:openldap:2.3.19
  • cpe:2.3:a:openldap:openldap:2.3.20
    cpe:2.3:a:openldap:openldap:2.3.20
  • cpe:2.3:a:openldap:openldap:2.3.21
    cpe:2.3:a:openldap:openldap:2.3.21
  • cpe:2.3:a:openldap:openldap:2.3.22
    cpe:2.3:a:openldap:openldap:2.3.22
  • cpe:2.3:a:openldap:openldap:2.3.23
    cpe:2.3:a:openldap:openldap:2.3.23
  • cpe:2.3:a:openldap:openldap:2.3.24
    cpe:2.3:a:openldap:openldap:2.3.24
  • cpe:2.3:a:openldap:openldap:2.3.25
    cpe:2.3:a:openldap:openldap:2.3.25
  • cpe:2.3:a:openldap:openldap:2.3.26
    cpe:2.3:a:openldap:openldap:2.3.26
  • cpe:2.3:a:openldap:openldap:2.3.27
    cpe:2.3:a:openldap:openldap:2.3.27
  • cpe:2.3:a:openldap:openldap:2.3.28
    cpe:2.3:a:openldap:openldap:2.3.28
  • cpe:2.3:a:openldap:openldap:2.3.29
    cpe:2.3:a:openldap:openldap:2.3.29
  • cpe:2.3:a:openldap:openldap:2.3.30
    cpe:2.3:a:openldap:openldap:2.3.30
  • cpe:2.3:a:openldap:openldap:2.3.31
    cpe:2.3:a:openldap:openldap:2.3.31
  • cpe:2.3:a:openldap:openldap:2.3.32
    cpe:2.3:a:openldap:openldap:2.3.32
  • cpe:2.3:a:openldap:openldap:2.3.33
    cpe:2.3:a:openldap:openldap:2.3.33
  • cpe:2.3:a:openldap:openldap:2.3.34
    cpe:2.3:a:openldap:openldap:2.3.34
  • cpe:2.3:a:openldap:openldap:2.3.35
    cpe:2.3:a:openldap:openldap:2.3.35
  • cpe:2.3:a:openldap:openldap:2.3.36
    cpe:2.3:a:openldap:openldap:2.3.36
  • cpe:2.3:a:openldap:openldap:2.3.37
    cpe:2.3:a:openldap:openldap:2.3.37
  • cpe:2.3:a:openldap:openldap:2.3.38
    cpe:2.3:a:openldap:openldap:2.3.38
  • cpe:2.3:a:openldap:openldap:2.3.39
    cpe:2.3:a:openldap:openldap:2.3.39
  • cpe:2.3:a:openldap:openldap:2.3.40
    cpe:2.3:a:openldap:openldap:2.3.40
  • cpe:2.3:a:openldap:openldap:2.3.41
    cpe:2.3:a:openldap:openldap:2.3.41
  • cpe:2.3:a:openldap:openldap:2.3.42
    cpe:2.3:a:openldap:openldap:2.3.42
  • cpe:2.3:a:openldap:openldap:2.3.43
    cpe:2.3:a:openldap:openldap:2.3.43
  • OpenLDAP 2.4.10
    cpe:2.3:a:openldap:openldap:2.4.10
CVSS
Base: 5.0 (as of 02-07-2008 - 08:45)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description OpenLDAP 2.3.41 BER Decoding Remote Denial of Service Vulnerability. CVE-2008-2952. Dos exploit for linux platform
id EDB-ID:32000
last seen 2016-02-03
modified 2008-06-30
published 2008-06-30
reporter Cameron Hotchkies
source https://www.exploit-db.com/download/32000/
title OpenLDAP <= 2.3.41 BER Decoding Remote Denial of Service Vulnerability
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENLDAP2-5509.NASL
    description This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which triggers an assertion error. (CVE-2008-2952) Additionally a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation is active.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 34440
    published 2008-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34440
    title openSUSE 10 Security Update : openldap2 (openldap2-5509)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200808-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200808-09 (OpenLDAP: Denial of Service vulnerability) Cameron Hotchkies discovered an error within the parsing of ASN.1 BER encoded packets in the 'ber_get_next()' function in libraries/liblber/io.c. Impact : A remote unauthenticated attacker can send a specially crafted ASN.1 BER encoded packet which will trigger the error and cause an 'assert()', terminating the 'slapd' daemon. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 33855
    published 2008-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33855
    title GLSA-200808-09 : OpenLDAP: Denial of Service vulnerability
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0583.NASL
    description From Red Hat Security Advisory 2008:0583 : Updated openldap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. (CVE-2008-2952) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67724
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67724
    title Oracle Linux 4 / 5 : openldap (ELSA-2008-0583)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-634-1.NASL
    description Cameron Hotchkies discovered that OpenLDAP did not correctly handle certain ASN.1 BER data. A remote attacker could send a specially crafted packet and crash slapd, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33809
    published 2008-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33809
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : openldap2.2, openldap2.3 vulnerability (USN-634-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_OPENLDAP2-080813.NASL
    description This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which triggers an assertion error. (CVE-2008-2952) Additionally a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation is active.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40084
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40084
    title openSUSE Security Update : openldap2 (openldap2-145)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0583.NASL
    description Updated openldap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. (CVE-2008-2952) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 33475
    published 2008-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33475
    title RHEL 4 / 5 : openldap (RHSA-2008:0583)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6029.NASL
    description This update fixes CVE-2008-2952 - remote unauthenticated slapd DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33407
    published 2008-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33407
    title Fedora 8 : openldap-2.3.39-4.fc8 (2008-6029)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-144.NASL
    description A denial of service vulnerability was discovered in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon (CVE-2008-2952). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 36770
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36770
    title Mandriva Linux Security Advisory : openldap (MDVSA-2008:144)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6062.NASL
    description This update fixes CVE-2008-2952 - remote unauthenticated slapd DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33412
    published 2008-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33412
    title Fedora 9 : openldap-2.4.8-6.fc9 (2008-6062)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080709_OPENLDAP_ON_SL4_X.NASL
    description A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. (CVE-2008-2952)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60436
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60436
    title Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12222.NASL
    description This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which triggers an assertion error. (CVE-2008-2952) Additionally a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation is active.
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 41232
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41232
    title SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12222)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1650.NASL
    description Cameron Hotchkies discovered that the OpenLDAP server slapd, a free implementation of the Lightweight Directory Access Protocol, could be crashed by sending malformed ASN1 requests.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 34386
    published 2008-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34386
    title Debian DSA-1650-1 : openldap2.3 - denial of service
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENLDAP2-5511.NASL
    description This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which triggers an assertion error. (CVE-2008-2952) Additionally a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation is active.
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 34441
    published 2008-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34441
    title SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 5511)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0583.NASL
    description Updated openldap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. (CVE-2008-2952) Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33490
    published 2008-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33490
    title CentOS 4 / 5 : openldap (CESA-2008:0583)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-005.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-005 applied. This update contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 33790
    published 2008-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33790
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-005)
oval via4
accepted 2013-04-29T04:07:32.516-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
family unix
id oval:org.mitre.oval:def:10662
status accepted
submitted 2010-07-09T03:56:16-04:00
title liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
version 24
redhat via4
advisories
bugzilla
id 453444
title CVE-2008-2952 OpenLDAP denial-of-service flaw in ASN.1 decoder
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment compat-openldap is earlier than 0:2.1.30-8.el4_6.5
          oval oval:com.redhat.rhsa:tst:20080583008
        • comment compat-openldap is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310013
      • AND
        • comment openldap is earlier than 0:2.2.13-8.el4_6.5
          oval oval:com.redhat.rhsa:tst:20080583002
        • comment openldap is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310003
      • AND
        • comment openldap-clients is earlier than 0:2.2.13-8.el4_6.5
          oval oval:com.redhat.rhsa:tst:20080583010
        • comment openldap-clients is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310007
      • AND
        • comment openldap-devel is earlier than 0:2.2.13-8.el4_6.5
          oval oval:com.redhat.rhsa:tst:20080583004
        • comment openldap-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310009
      • AND
        • comment openldap-servers is earlier than 0:2.2.13-8.el4_6.5
          oval oval:com.redhat.rhsa:tst:20080583012
        • comment openldap-servers is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310005
      • AND
        • comment openldap-servers-sql is earlier than 0:2.2.13-8.el4_6.5
          oval oval:com.redhat.rhsa:tst:20080583006
        • comment openldap-servers-sql is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070310011
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment compat-openldap is earlier than 0:2.3.27_2.2.29-8.el5_2.4
          oval oval:com.redhat.rhsa:tst:20080583021
        • comment compat-openldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037011
      • AND
        • comment openldap is earlier than 0:2.3.27-8.el5_2.4
          oval oval:com.redhat.rhsa:tst:20080583015
        • comment openldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037003
      • AND
        • comment openldap-clients is earlier than 0:2.3.27-8.el5_2.4
          oval oval:com.redhat.rhsa:tst:20080583023
        • comment openldap-clients is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037005
      • AND
        • comment openldap-devel is earlier than 0:2.3.27-8.el5_2.4
          oval oval:com.redhat.rhsa:tst:20080583019
        • comment openldap-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037009
      • AND
        • comment openldap-servers is earlier than 0:2.3.27-8.el5_2.4
          oval oval:com.redhat.rhsa:tst:20080583025
        • comment openldap-servers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037007
      • AND
        • comment openldap-servers-sql is earlier than 0:2.3.27-8.el5_2.4
          oval oval:com.redhat.rhsa:tst:20080583017
        • comment openldap-servers-sql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071037013
rhsa
id RHSA-2008:0583
released 2008-07-09
severity Important
title RHSA-2008:0583: openldap security update (Important)
rpms
  • compat-openldap-0:2.1.30-8.el4_6.5
  • openldap-0:2.2.13-8.el4_6.5
  • openldap-clients-0:2.2.13-8.el4_6.5
  • openldap-devel-0:2.2.13-8.el4_6.5
  • openldap-servers-0:2.2.13-8.el4_6.5
  • openldap-servers-sql-0:2.2.13-8.el4_6.5
  • compat-openldap-0:2.3.27_2.2.29-8.el5_2.4
  • openldap-0:2.3.27-8.el5_2.4
  • openldap-clients-0:2.3.27-8.el5_2.4
  • openldap-devel-0:2.3.27-8.el5_2.4
  • openldap-servers-0:2.3.27-8.el5_2.4
  • openldap-servers-sql-0:2.3.27-8.el5_2.4
refmap via4
apple APPLE-SA-2008-07-31
bid 30013
bugtraq 20080811 rPSA-2008-0249-1 openldap openldap-clients openldap-servers
confirm
debian DSA-1650
fedora
  • FEDORA-2008-6029
  • FEDORA-2008-6062
gentoo GLSA-200808-09
mandriva MDVSA-2008:144
misc http://www.zerodayinitiative.com/advisories/ZDI-08-052/
mlist
  • [oss-security 20080701 Re: [oss-security] openldap DoS
  • [oss-security] 20080713 Re: openldap DoS
sectrack 1020405
secunia
  • 30853
  • 30917
  • 30996
  • 31326
  • 31364
  • 31436
  • 32254
  • 32316
suse SUSE-SR:2008:021
ubuntu USN-634-1
vupen
  • ADV-2008-1978
  • ADV-2008-2268
xf openldap-bergetnext-dos(43515)
Last major update 11-10-2011 - 00:00
Published 01-07-2008 - 17:41
Last modified 11-10-2018 - 16:45
Back to Top