Multiple vulnerabilities in OpenLDAP



Published: 2021-02-06
Risk: Medium
Patch available: YES
Number of vulnerabilities: 10
CVE-ID: CVE-2020-36221, CVE-2020-36224, CVE-2020-36230, CVE-2020-36229, CVE-2020-36228, CVE-2020-36227, CVE-2020-36226, CVE-2020-36225, CVE-2020-36223, CVE-2020-36222
CWE-ID: CWE-191, CWE-763, CWE-617, CWE-843, CWE-835, CWE-399, CWE-415
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: OpenLDAP (Server applications / Directory software, identity management)
Vendor: OpenLDAP.org

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Integer underflow

EUVDB-ID: #VU50389

Risk: Medium

CVE-ID: CVE-2020-36221

CWE-ID: CWE-191 - Integer Underflow (Wrap or Wraparound)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer underflow within the serialNumberAndIssuerCheck() function in schema_init.c. A remote attacker can send a specially crafted request to the affected application, trigger an integer underflow and crash slapd.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.3 - 2.4.56


External links

http://bugs.openldap.org/show_bug.cgi?id=9404
http://bugs.openldap.org/show_bug.cgi?id=9424
http://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31
http://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845


2) Release of invalid pointer or reference

EUVDB-ID: #VU50398

Risk: Medium

CVE-ID: CVE-2020-36224

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to release of an invalid pointer when processing saslAuthzTo requests. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.3 - 2.4.56


External links

http://bugs.openldap.org/show_bug.cgi?id=9409
http://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
http://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
http://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
http://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845


3) Reachable Assertion

EUVDB-ID: #VU50397

Risk: Medium

CVE-ID: CVE-2020-36230

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when parsing the X.509 DN within the ber_next_element() function in decode.c. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.3 - 2.4.56


External links

http://bugs.openldap.org/show_bug.cgi?id=9423
http://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845


4) Type Confusion

EUVDB-ID: #VU50396

Risk: Medium

CVE-ID: CVE-2020-36229

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error in ldap_X509dn2bv when parsing an X.509 DN in ad_keystring. A remote attacker can send a specially crafted request to slapd and crash it.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.3 - 2.4.56


External links

http://bugs.openldap.org/show_bug.cgi?id=9425
http://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845


5) Integer underflow

EUVDB-ID: #VU50395

Risk: Medium

CVE-ID: CVE-2020-36228

CWE-ID: CWE-191 - Integer Underflow (Wrap or Wraparound)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer underflow when processing the certificate list exact assertion. A remote attacker can send a specially crafted request to slapd, trigger an integer underflow and perform a denial of service (DoS) attack.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.3 - 2.4.56


External links

http://bugs.openldap.org/show_bug.cgi?id=9427
http://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845


6) Infinite loop

EUVDB-ID: #VU50394

Risk: Medium

CVE-ID: CVE-2020-36227

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in slapd with the cancel_extop Cancel operation. A remote attacker can send a specially crafted request and cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.3 - 2.4.56


External links

http://bugs.openldap.org/show_bug.cgi?id=9428
http://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845


7) Resource management error

EUVDB-ID: #VU50393

Risk: Medium

CVE-ID: CVE-2020-36226

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application, leading to a memch->bv_len miscalculation during saslAuthzTo processing. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.3 - 2.4.56


External links

http://bugs.openldap.org/show_bug.cgi?id=9413
http://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
http://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
http://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
http://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845


8) Double Free

EUVDB-ID: #VU50392

Risk: Medium

CVE-ID: CVE-2020-36225

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the saslAuthzTo processing. A remote attacker can send a specially crafted request to slapd, trigger a double free error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.3 - 2.4.56


External links

http://bugs.openldap.org/show_bug.cgi?id=9412
http://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
http://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
http://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
http://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845


9) Double Free

EUVDB-ID: #VU50391

Risk: Medium

CVE-ID: CVE-2020-36223

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error during the Values Return Filter control handling. A remote attacker can send a specially crafted request to slapd, trigger a double free error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.3 - 2.4.56


External links

http://bugs.openldap.org/show_bug.cgi?id=9408
http://git.openldap.org/openldap/openldap/-/commit/21981053a1195ae1555e23df4d9ac68d34ede9dd
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845


10) Reachable Assertion

EUVDB-ID: #VU50390

Risk: Medium

CVE-ID: CVE-2020-36222

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in slapd in the saslAuthzTo validation. A remote attacker can send a specially crafted request and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.3 - 2.4.56


External links

http://bugs.openldap.org/show_bug.cgi?id=9406
http://bugs.openldap.org/show_bug.cgi?id=9407
http://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0
http://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed
http://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845



