oss-sec mailing list archives
Re: openldap DoS
From: Nico Golde <oss-security+ml () ngolde de>
Date: Sun, 13 Jul 2008 13:32:07 +0200
Hi Steven,

* Steven M. Christey <coley () linus mitre org> [2008-07-01 23:14]:

======================================================
Name: CVE-2008-2952
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2952
Reference: CONFIRM:http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580

liblber/io.c in OpenLDAP 2.3.41, 2.3.42, and possibly other versions allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which triggers an assertion error.

All versions from 2.2.4 to 2.4.10 are vulnerable referring to upstream, can you update the description to reflect this?

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Current thread:
- Re: openldap DoS Josh Bressers (Jul 01)
- <Possible follow-ups>
- Re: openldap DoS Steven M. Christey (Jul 01)
- Re: openldap DoS Nico Golde (Jul 13)
- Re: openldap DoS Ludwig Nussel (Jul 01)