NVD Vulnerability Detail

CVE-2020-15719

Summary	libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
Publication Date	July 14, 2020, 11:15 p.m.
Registration Date	Jan. 26, 2021, 11:53 a.m.
Last Update	Nov. 21, 2024, 2:06 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:openldap:openldap::::::::					2.4.46-10.el8

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:mcafee:policy_auditor::::::::					6.5.1

Configuration5		or higher	or less	more than	less than
cpe:2.3:a:oracle:blockchain_platform::::::::					21.1.2

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html	Mailing List Third Party Advisory
5	https://access.redhat.com/errata/RHBA-2019:3674	Third Party Advisory
6	https://access.redhat.com/errata/RHBA-2019:3674	Third Party Advisory
7	https://bugs.openldap.org/show_bug.cgi?id=9266	Permissions Required Vendor Advisory
8	https://bugs.openldap.org/show_bug.cgi?id=9266	Permissions Required Vendor Advisory
9	https://bugzilla.redhat.com/show_bug.cgi?id=1740070	Issue Tracking Third Party Advisory
10	https://bugzilla.redhat.com/show_bug.cgi?id=1740070	Issue Tracking Third Party Advisory
11	https://kc.mcafee.com/corporate/index?page=content&id=SB10365	Third Party Advisory
12	https://kc.mcafee.com/corporate/index?page=content&id=SB10365	Third Party Advisory
13	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
14	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-295	不正な証明書検証	https://cwe.mitre.org/data/definitions/295.html

JVN Vulnerability Information

OpenLDAP における証明書検証に関する脆弱性

Title	OpenLDAP における証明書検証に関する脆弱性
Summary	OpenLDAP には、証明書検証に関する脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 22, 2020, midnight
Registration Date	Sept. 3, 2020, 4:58 p.m.
Last Update	Sept. 3, 2020, 4:58 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux

OpenLDAP Foundation

OpenLDAP

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-15719	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719
National Vulnerability Database (NVD)
2	CVE-2020-15719	https://nvd.nist.gov/vuln/detail/CVE-2020-15719

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-295	https://cwe.mitre.org/data/definitions/295.html

ベンダー情報

No	Name	URL
OpenLDAP Bugs
1	Issue 9266	https://bugs.openldap.org/show_bug.cgi?id=9266
Red Hat Customer Portal
2	RHBA-2019:3674 - Bug Fix Advisory	https://access.redhat.com/errata/RHBA-2019:3674

Change Log

No	Changed Details	Date of change
1	[2020年09月03日] 掲載	Sept. 3, 2020, 4:58 p.m.