PublicDate: 2008-07-01 21:41:00 UTC
Candidate: CVE-2008-2952
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2952
 https://ubuntu.com/security/notices/USN-634-1
Description:
 liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause
 a denial of service (program termination) via crafted ASN.1 BER datagrams
 that trigger an assertion error.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/249878
Priority: medium
Discovered-by: Cameron Hotchkies
Assigned-to: kees
CVSS:

Patches_openldap:
 upstream: http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.111.2.7&r2=1.111.2.8&hideattic=1&sortbydate=0
upstream_openldap: released (2.4.11)
dapper_openldap: DNE
feisty_openldap: DNE
gutsy_openldap: DNE
hardy_openldap: DNE
devel_openldap: not-affected

Patches_openldap2.2:
upstream_openldap2.2: needs-triage
dapper_openldap2.2: released (2.2.26-5ubuntu2.8)
feisty_openldap2.2: DNE
gutsy_openldap2.2: DNE
hardy_openldap2.2: DNE
devel_openldap2.2: DNE

Patches_openldap2.3:
 upstream: http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.107.2.7&r2=1.107.2.8&hideattic=1&sortbydate=0
upstream_openldap2.3: needs-triage
dapper_openldap2.3: DNE
feisty_openldap2.3: released (2.3.30-2ubuntu0.3)
gutsy_openldap2.3: released (2.3.35-1ubuntu0.3)
hardy_openldap2.3: released (2.4.9-0ubuntu0.8.04.1)
devel_openldap2.3: DNE