[Pkg-openldap-devel] Bug#488710: Bug#488710: CVE id assigned
Quanah Gibson-Mount
quanah at zimbra.com
Tue Jul 1 21:46:09 UTC 2008
--On Tuesday, July 01, 2008 11:34 PM +0200 Nico Golde <nion at debian.org>
wrote:
> Hi,
> CVE-2008-2952 was assigned to this issue:
> ======================================================
> Name: CVE-2008-2952
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2952
> Reference:
> CONFIRM:http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;sel
> ectid=5580
>
> liblber/io.c in OpenLDAP 2.3.41, 2.3.42, and possibly other versions
> allows remote attackers to cause a denial of service (program
> termination) via crafted ASN.1 BER datagrams, which triggers an
> assertion error.
All versions of OpenLDAP since 2001, really.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
More information about the Pkg-openldap-devel
mailing list