CVE-2008-2952 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Affected Products (NVD)

Vendor	Product	Version
openldap	openldap	2.2.4
openldap	openldap	2.2.5
openldap	openldap	2.2.6
openldap	openldap	2.2.7
openldap	openldap	2.2.8
openldap	openldap	2.2.9
openldap	openldap	2.3.4
openldap	openldap	2.3.5
openldap	openldap	2.3.6
openldap	openldap	2.3.7
openldap	openldap	2.3.8
openldap	openldap	2.3.9
openldap	openldap	2.3.10
openldap	openldap	2.3.11
openldap	openldap	2.3.12
openldap	openldap	2.3.13
openldap	openldap	2.3.14
openldap	openldap	2.3.15
openldap	openldap	2.3.16
openldap	openldap	2.3.17
openldap	openldap	2.3.18
openldap	openldap	2.3.19
openldap	openldap	2.3.20
openldap	openldap	2.3.21
openldap	openldap	2.3.22
openldap	openldap	2.3.23
openldap	openldap	2.3.24
openldap	openldap	2.3.25
openldap	openldap	2.3.26
openldap	openldap	2.3.27
openldap	openldap	2.3.28
openldap	openldap	2.3.29
openldap	openldap	2.3.30
openldap	openldap	2.3.31
openldap	openldap	2.3.32
openldap	openldap	2.3.33
openldap	openldap	2.3.34
openldap	openldap	2.3.35
openldap	openldap	2.3.36
openldap	openldap	2.3.37
openldap	openldap	2.3.38
openldap	openldap	2.3.39
openldap	openldap	2.3.40
openldap	openldap	2.3.41
openldap	openldap	2.3.42
openldap	openldap	2.3.43
openldap	openldap	2.4.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openldap

bookworm	2.5.13+dfsg-5 fixed
bullseye	2.4.57+dfsg-3+deb11u1 fixed
bullseye (security)	2.4.57+dfsg-3+deb11u1 fixed
sid	2.5.18+dfsg-3 fixed
trixie	2.5.18+dfsg-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

openldap

dapper	dne
feisty	dne
gutsy	dne
hardy	dne

openldap2.2

dapper	Fixed 2.2.26-5ubuntu2.8 released
feisty	dne
gutsy	dne
hardy	dne

openldap2.3

dapper	dne
feisty	Fixed 2.3.30-2ubuntu0.3 released
gutsy	Fixed 2.3.35-1ubuntu0.3 released
hardy	Fixed 2.4.9-0ubuntu0.8.04.1 released

Common Weakness Enumeration

CWE-399 -

References

http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html

http://secunia.com/advisories/30853

http://secunia.com/advisories/30917

http://secunia.com/advisories/30996

http://secunia.com/advisories/31326

http://secunia.com/advisories/31364

http://secunia.com/advisories/31436

http://secunia.com/advisories/32254

http://secunia.com/advisories/32316

http://security.gentoo.org/glsa/glsa-200808-09.xml

http://wiki.rpath.com/Advisories:rPSA-2008-0249

http://www.debian.org/security/2008/dsa-1650

http://www.mandriva.com/security/advisories?name=MDVSA-2008:144

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580%3Bselectid=5580

http://www.openwall.com/lists/oss-security/2008/07/01/2

http://www.openwall.com/lists/oss-security/2008/07/13/2

http://www.redhat.com/support/errata/RHSA-2008-0583.html

http://www.securityfocus.com/archive/1/495320/100/0/threaded

http://www.securityfocus.com/bid/30013

http://www.securitytracker.com/id?1020405

http://www.ubuntu.com/usn/usn-634-1

http://www.vupen.com/english/advisories/2008/1978/references

http://www.vupen.com/english/advisories/2008/2268

http://www.zerodayinitiative.com/advisories/ZDI-08-052/

https://exchange.xforce.ibmcloud.com/vulnerabilities/43515

https://issues.rpath.com/browse/RPL-2645

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10662

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00109.html

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00129.html

http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html

http://secunia.com/advisories/30853

http://secunia.com/advisories/30917

http://secunia.com/advisories/30996

http://secunia.com/advisories/31326

http://secunia.com/advisories/31364

http://secunia.com/advisories/31436

http://secunia.com/advisories/32254

http://secunia.com/advisories/32316

http://security.gentoo.org/glsa/glsa-200808-09.xml

http://wiki.rpath.com/Advisories:rPSA-2008-0249

http://www.debian.org/security/2008/dsa-1650

http://www.mandriva.com/security/advisories?name=MDVSA-2008:144

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580%3Bselectid=5580

http://www.openwall.com/lists/oss-security/2008/07/01/2

http://www.openwall.com/lists/oss-security/2008/07/13/2

http://www.redhat.com/support/errata/RHSA-2008-0583.html

http://www.securityfocus.com/archive/1/495320/100/0/threaded

http://www.securityfocus.com/bid/30013

http://www.securitytracker.com/id?1020405

http://www.ubuntu.com/usn/usn-634-1

http://www.vupen.com/english/advisories/2008/1978/references

http://www.vupen.com/english/advisories/2008/2268

http://www.zerodayinitiative.com/advisories/ZDI-08-052/

https://exchange.xforce.ibmcloud.com/vulnerabilities/43515

https://issues.rpath.com/browse/RPL-2645

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10662

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00109.html

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00129.html