523 matches found
Code injection
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams that trigger an assertion error...
CVE-2008-2952
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams that trigger an assertion error...
CVE-2008-2952
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams that trigger an assertion error...
DEBIAN-CVE-2008-2952
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams that trigger an assertion error...
CVE-2008-2952
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams that trigger an assertion error...
CVE-2008-2952
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams that trigger an assertion error...
OpenLDAP BER解码远程拒绝服务漏洞
BUGTRAQ ID: 30013 OpenLDAP是一款开放源代码的轻量级目录访问协议(LDAP)实现。 OpenLDAP的libraries/liblber/io.c文件中的bergetnext函数没有正确地解码ASN.1 BER网络数据报,如果数据报的单元(标签 + 长度 + 内容)包含有 4字节长的多字节标签 4字节长的多字节大小 则解码后的整个大小为BerElement结构缓冲区加1个字节,这导致函数返回说明仍需更多数据,但读指针仍指向缓冲区末尾,这是不允许的。之后的函数调用会出现失败: assert 0 ; / ber structure is messed up ?/...
Linux Kernel BER解码缓冲区溢出漏洞
BUGTRAQ ID: 29589 CVECAN ID: CVE-2008-1673 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的cifs和ipnatsnmpbasic模块中的ASN.1 BER解码器没有正确地计算缓冲区大小,如果远程攻击者向有漏洞的系统发送了特制的BER编码数据的话,就可以触发缓冲区溢出,导致拒绝服务或执行任意指令。 Linux kernel 2.6.x Linux kernel 2.4.x Debian ------ Debian已经为此发布了一个安全公告(DSA-1592-2)以及相应补丁: DSA-1592-2:N...
CVE-2008-1673
The asn1 implementation in a the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ipnatsnmpbasic modules; and b the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of servi...
CVE-2007-2466
Unspecified vulnerability in the LDAP Software Development Kit SDK for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service crash via certain BER encodings...
security flaw
The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service crash via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite...
memory leaks using ber_scanf when handling bad BER packets (CVE-2006-0453)
Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service memory consumption via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the berscanf call, as demonstrate...
security flaw
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service large or infinite loops viarafted packets to the 1 UMA and 2 BER dissectors...
Fedora Core 5 : ethereal-0.99.0-fc5.1 (2006-456)
Many security vulnerabilities have been fixed since the previous release. - The H.248 dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937 - The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933 - The X.509if dissector could...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service large or infinite loops viarafted packets to the 1 UMA and 2 BER dissectors...
CVE-2006-1933
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service large or infinite loops viarafted packets to the 1 UMA and 2 BER dissectors...
Ethereal 0.99.0 Release Notes
Ethereal 0.99.0 Release Notes Table of Contents What is Ethereal? What's New Bug Fixes New and Updated Features New Protocol Support Updated Protocol Support New and Updated Capture File Support Getting Ethereal Microsoft Windows Sun Solaris Source Code Vendor-supplied Packages File Locations Kno...
CVE-2006-0451
Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service memory consumption via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the berscanf call, as demonstrate...
Design/Logic Flaw
The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service crash via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite...
CVE-2006-0453
The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service crash via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite...