NVD Vulnerability Detail
Search Exploit, PoC
CVE-2020-8023
Summary

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.

Publication Date Sept. 1, 2020, 9:15 p.m.
Registration Date Jan. 26, 2021, 12:01 p.m.
Last Update Nov. 21, 2024, 2:38 p.m.
CVSS3.1 : HIGH
スコア 7.8
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV) ローカル
攻撃条件の複雑さ(AC)
攻撃に必要な特権レベル(PR)
利用者の関与(UI) 不要
影響の想定範囲(S) 変更なし
機密性への影響(C)
完全性への影響(I)
可用性への影響(A)
CVSS2.0 : HIGH
Score 7.2
Vector AV:L/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV) ローカル
攻撃条件の複雑さ(AC)
攻撃前の認証要否(Au) 不要
機密性への影響(C)
完全性への影響(I)
可用性への影響(A)
Get all privileges. いいえ
Get user privileges いいえ
Get other privileges いいえ
User operation required いいえ
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:opensuse:openldap2:*:*:*:*:*:*:*:* 2.4.41-18.71.2
execution environment
1 cpe:2.3:a:suse:enterprise_storage:5.0:*:*:*:*:*:*:*
2 cpe:2.3:a:suse:openstack_cloud:7.0:*:*:*:*:*:*:*
3 cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*
4 cpe:2.3:a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:*
5 cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*
6 cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*
7 cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:*
8 cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:sap:*:*
9 cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:*
10 cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:*:*:*:*
11 cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*
12 cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:-:-:*:*
Configuration2 or higher or less more than less than
cpe:2.3:a:opensuse:openldap2:*:*:*:*:*:*:*:* 2.4.26-0.74.13.1
execution environment
1 cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
2 cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
3 cpe:2.3:a:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*
4 cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*
5 cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:a:opensuse:openldap2:*:*:*:*:*:*:*:* 2.4.46-9.31.1
execution environment
1 cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*
2 cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:ltss:*:*
Configuration4 or higher or less more than less than
cpe:2.3:a:opensuse:openldap2:*:*:*:*:*:*:*:* 2.4.46-lp151.10.12.1
execution environment
1 cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
2 cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List
JVN Vulnerability Information
OpenLDAP2 における信頼できるデータ受け入れ時の信頼できない無関係なデータの受け入れに関する脆弱性
Title OpenLDAP2 における信頼できるデータ受け入れ時の信頼できない無関係なデータの受け入れに関する脆弱性
Summary

OpenLDAP2 には、信頼できるデータ受け入れ時の信頼できない無関係なデータの受け入れに関する脆弱性が存在します。

Possible impacts 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution

ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date June 9, 2020, midnight
Registration Date Feb. 10, 2021, 4:26 p.m.
Last Update Feb. 10, 2021, 4:26 p.m.
Affected System
openSUSE project
OpenLDAP2 
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
No Changed Details Date of change
1 [2021年02月10日]
  掲載		 Feb. 10, 2021, 4:26 p.m.