liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2008-0583 advisory.

    [2.3.27-8.4]
    - fix CVE-2008-2952 (#453639)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. (CVE-2008-2952)

This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams, which triggers an assertion error. (CVE-2008-2952) Additionally a bug was fixed in ldap_free_connection which could result in client crashes when the server closed a connection while an operation is active.

A denial of service vulnerability was discovered in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon (CVE-2008-2952).

The updated packages have been patched to correct this issue.

Cameron Hotchkies discovered that the OpenLDAP server slapd, a free implementation of the Lightweight Directory Access Protocol, could be crashed by sending malformed ASN1 requests.

The remote host is affected by the vulnerability described in GLSA-200808-09 (OpenLDAP: Denial of Service vulnerability)

    Cameron Hotchkies discovered an error within the parsing of ASN.1 BER     encoded packets in the 'ber_get_next()' function in     libraries/liblber/io.c.
  Impact :

    A remote unauthenticated attacker can send a specially crafted ASN.1     BER encoded packet which will trigger the error and cause an     'assert()', terminating the 'slapd' daemon.
  Workaround :

    There is no known workaround at this time.

Cameron Hotchkies discovered that OpenLDAP did not correctly handle certain ASN.1 BER data. A remote attacker could send a specially crafted packet and crash slapd, leading to a denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-005 applied. 

This update contains security fixes for a number of programs.

Updated openldap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services.

A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. (CVE-2008-2952)

Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.

This update fixes CVE-2008-2952 - remote unauthenticated slapd DoS.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
67724	Oracle Linux 5 : openldap (ELSA-2008-0583)	Nessus	Oracle Linux Local Security Checks	high
60436	Scientific Linux Security Update : openldap on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
41232	SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12222)	Nessus	SuSE Local Security Checks	medium
40084	openSUSE Security Update : openldap2 (openldap2-145)	Nessus	SuSE Local Security Checks	medium
36770	Mandriva Linux Security Advisory : openldap (MDVSA-2008:144)	Nessus	Mandriva Local Security Checks	medium
34441	SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 5511)	Nessus	SuSE Local Security Checks	medium
34440	openSUSE 10 Security Update : openldap2 (openldap2-5509)	Nessus	SuSE Local Security Checks	medium
34386	Debian DSA-1650-1 : openldap2.3 - denial of service	Nessus	Debian Local Security Checks	medium
33855	GLSA-200808-09 : OpenLDAP: Denial of Service vulnerability	Nessus	Gentoo Local Security Checks	medium
33809	Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : openldap2.2, openldap2.3 vulnerability (USN-634-1)	Nessus	Ubuntu Local Security Checks	medium
33790	Mac OS X Multiple Vulnerabilities (Security Update 2008-005)	Nessus	MacOS X Local Security Checks	critical
33490	CentOS 4 / 5 : openldap (CESA-2008:0583)	Nessus	CentOS Local Security Checks	medium
33475	RHEL 4 / 5 : openldap (RHSA-2008:0583)	Nessus	Red Hat Local Security Checks	medium
33412	Fedora 9 : openldap-2.4.8-6.fc9 (2008-6062)	Nessus	Fedora Local Security Checks	medium
33407	Fedora 8 : openldap-2.3.39-4.fc8 (2008-6029)	Nessus	Fedora Local Security Checks	medium

Detections

Analytics

CVE-2008-2952

high

Tenable Plugins

high

medium

medium

medium

medium

medium

medium

medium

medium

medium

critical

medium

medium

medium

medium