Upstream information

CVE-2008-2952 at MITRE

Description

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entries: 405089 [RESOLVED / FIXED], 436712 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.0
  • openldap2-client-debuginfo >= 2.4.9-7.4
  • openldap2-client-debugsource >= 2.4.9-7.4
  • openldap2-debuginfo >= 2.4.9-7.4
  • openldap2-debugsource >= 2.4.9-7.4
openSUSE 11.0
  • openldap2 >= 2.4.9-7.4
  • openldap2-back-meta >= 2.4.9-7.4
  • openldap2-back-perl >= 2.4.9-7.4
  • openldap2-client >= 2.4.9-7.4
  • openldap2-client-32bit >= 2.4.9-7.4
  • openldap2-client-64bit >= 2.4.9-7.4
  • openldap2-devel >= 2.4.9-7.4
  • openldap2-devel-32bit >= 2.4.9-7.4
  • openldap2-devel-64bit >= 2.4.9-7.4
SUSE Linux Enterprise SDK 10 SP2
  • openldap2-back-meta >= 2.3.32-0.30
  • openldap2-back-perl >= 2.3.32-0.30
sles10-sp2.x86
core9.ia64
sles10-sp2-debuginfo.x86
sle10-sp2-sdk.s390x
sles10-sp2-debuginfo.s390x
sles10.x86-64
sle10-sp1-sdk.ppc
sles10.x86
sles10-sp2.ppc
sles10.ppc
sle10-sp2-sdk.ppc
sle10-sp2-sdk.ia64
sles10-sp2-debuginfo.x86-64
sle10-sp2-sdk.x86-64
sles10.s390x
sles10-sp2.x86-64
sles9-nlpos.x86
core9.s390
sle10-sp2-sdk.x86
sles9-nld.x86
sled10-sp2.x86-64
sles10.ia64
core9.s390x
core9.x86-64
sle10-sp1-sdk.x86-64
core9.x86
sle10-sp1-sdk.ia64
sles10-sp2-debuginfo.ppc
sle10-sp1-sdk.x86
core9.ppc
sles9-nld.x86-64
sles10-sp2-debuginfo.ia64
sles10-sp2.ia64
sled10.x86
sles9-oes.x86
sled10.x86-64
sled10-sp2.x86
sles10-sp2.s390x
sle10-sp1-sdk.s390x
ZYPP Patch Nr: 5511
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • openldap2 >= 2.2.24-4.29
  • openldap2-back-ldap >= 2.2.24-4.29
  • openldap2-back-meta >= 2.2.24-4.29
  • openldap2-back-monitor >= 2.2.24-4.29
  • openldap2-back-perl >= 2.2.24-4.29
  • openldap2-client >= 2.2.24-4.29
  • openldap2-devel >= 2.2.24-4.29
sles10-sp2.x86
core9.ia64
sles10-sp2-debuginfo.x86
sle10-sp2-sdk.s390x
sles10-sp2-debuginfo.s390x
sles10.x86-64
sle10-sp1-sdk.ppc
sles10.x86
sles10-sp2.ppc
sles10.ppc
sle10-sp2-sdk.ppc
sle10-sp2-sdk.ia64
sles10-sp2-debuginfo.x86-64
sle10-sp2-sdk.x86-64
sles10.s390x
sles10-sp2.x86-64
sles9-nlpos.x86
core9.s390
sle10-sp2-sdk.x86
sles9-nld.x86
sled10-sp2.x86-64
sles10.ia64
core9.s390x
core9.x86-64
sle10-sp1-sdk.x86-64
core9.x86
sle10-sp1-sdk.ia64
sles10-sp2-debuginfo.ppc
sle10-sp1-sdk.x86
core9.ppc
sles9-nld.x86-64
sles10-sp2-debuginfo.ia64
sles10-sp2.ia64
sled10.x86
sles9-oes.x86
sled10.x86-64
sled10-sp2.x86
sles10-sp2.s390x
sle10-sp1-sdk.s390x
ZYPP Patch Nr: 5511
Novell Linux Desktop 9 for x86_64
  • openldap2 >= 2.2.24-4.29
  • openldap2-back-ldap >= 2.2.24-4.29
  • openldap2-back-meta >= 2.2.24-4.29
  • openldap2-back-monitor >= 2.2.24-4.29
  • openldap2-back-perl >= 2.2.24-4.29
  • openldap2-client >= 2.2.24-4.29
  • openldap2-client-32bit >= 9-200808130009
  • openldap2-devel >= 2.2.24-4.29
  • openldap2-devel-32bit >= 9-200808130009
sles10-sp2.x86
core9.ia64
sles10-sp2-debuginfo.x86
sle10-sp2-sdk.s390x
sles10-sp2-debuginfo.s390x
sles10.x86-64
sle10-sp1-sdk.ppc
sles10.x86
sles10-sp2.ppc
sles10.ppc
sle10-sp2-sdk.ppc
sle10-sp2-sdk.ia64
sles10-sp2-debuginfo.x86-64
sle10-sp2-sdk.x86-64
sles10.s390x
sles10-sp2.x86-64
sles9-nlpos.x86
core9.s390
sle10-sp2-sdk.x86
sles9-nld.x86
sled10-sp2.x86-64
sles10.ia64
core9.s390x
core9.x86-64
sle10-sp1-sdk.x86-64
core9.x86
sle10-sp1-sdk.ia64
sles10-sp2-debuginfo.ppc
sle10-sp1-sdk.x86
core9.ppc
sles9-nld.x86-64
sles10-sp2-debuginfo.ia64
sles10-sp2.ia64
sled10.x86
sles9-oes.x86
sled10.x86-64
sled10-sp2.x86
sles10-sp2.s390x
sle10-sp1-sdk.s390x
ZYPP Patch Nr: 5511