PT-2021-12704 · Suse · Opensuse Leap 15.2+4

Thorsten Kukuk

·

Published

2020-09-22

·

Updated

2021-02-23

·

CVE-2020-8027

CVSS v3.1

7.3

High

VectorAV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions: openldap2 versions prior to 2.4.46-9.37.1 in SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1 in SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-lp151.10.18.1 in openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp152.14.9.1 in openSUSE Leap 15.2
Description: A temporary file vulnerability in openldap2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration.
Recommendations: For SUSE Linux Enterprise Server 15-LTSS, update openldap2 to version 2.4.46-9.37.1 or later. For SUSE Linux Enterprise Server for SAP 15, update openldap2 to version 2.4.46-9.37.1 or later. For openSUSE Leap 15.1, update openldap2 to version 2.4.46-lp151.10.18.1 or later. For openSUSE Leap 15.2, update openldap2 to version 2.4.46-lp152.14.9.1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-377

Related Identifiers

CVE-2020-8027
OPENSUSE-SU-2020:1534-1
OPENSUSE-SU-2020:1539-1
OPENSUSE-SU-2020_1534-1
OPENSUSE-SU-2020_1539-1
OPENSUSE-SU-2024:11121-1
SUSE-SU-2020:2712-1
SUSE-SU-2020:2712-2
SUSE-SU-2020_2712-1
SUSE-SU-2020_2712-2

Affected Products

Suse Linux Enterprise Server 15
Suse Linux Enterprise Server For Sap 15
Suse
Opensuse Leap 15.1
Opensuse Leap 15.2