Debian Security Advisory DSA 1650-1 (openldap2.3) Network Vulnerability

Summary

The remote host is missing an update to openldap2.3 announced via advisory DSA 1650-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201650-1

Insight

Cameron Hotchkies discovered that the OpenLDAP server slapd, a free implementation of the Lightweight Directory Access Protocol, could be crashed by sending malformed ASN1 requests. For the stable distribution (etch), this problem has been fixed in version 2.3.30-5+etch2. For the unstable distribution (sid), this problem has been fixed in version 2.4.10-3 of the openldap package. We recommend that you upgrade your openldap2.3 packages.

Severity

Classification

CVE CVE-2008-2952
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 114-1 (gnujsp)
Debian Security Advisory DSA 001-1 (ed)
Debian Security Advisory DSA 1059-1 (quagga)
Debian Security Advisory DSA 1058-1 (awstats)
Debian Security Advisory DSA 007-1 (zope)

Take action and discover your vulnerabilities