PT-2019-2907 · Openldap+3 · Openldap+3

Publicado

2019-07-26

Atualizado

2025-01-13

CVE-2019-13565

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenLDAP versions prior to 2.4.48

Description An issue in OpenLDAP allows access that would otherwise be denied via a simple bind for any identity covered in the ACLs when using SASL authentication and session encryption. After the first SASL bind is completed, the sasl ssf value is retained for all new non-SASL connections, affecting different types of operations depending on the ACL configuration. This means a successful authorization step completed by one user can affect the authorization requirement for a different user.

Recommendations For OpenLDAP versions prior to 2.4.48, update to version 2.4.48 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive operations until the update is applied.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

ALT-PU-2019-2556

ALT-PU-2019-2568

BDU:2019-02876

CVE-2019-13565

DLA-1891-1

MGASA-2019-0280

OPENSUSE-SU-2019:2157-1

OPENSUSE-SU-2019:2176-1

OPENSUSE-SU-2019_2157-1

OPENSUSE-SU-2019_2176-1

OPENSUSE-SU-2024:11121-1

ROSA-SA-2025-2550

SUSE-SU-2019:2390-1

SUSE-SU-2019:2395-1

SUSE-SU-2020:1210-1

SUSE-SU-2020:14353-1

USN-4078-1

USN-4078-2

Produtos afetados

Alt Linux

Openldap

Suse

Ubuntu

PT-2019-2907 · Openldap+3 · Openldap+3

CVE-2019-13565

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 63