CVE-2020-8023

Summary

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.

Affected Software

VendorProductVersion RangeStatus
SUSESUSE Enterprise Storage 5openldap2 < 2.4.41-18.71.2affected
SUSESUSE Linux Enterprise Debuginfo 11-SP3openldap2 < 2.4.26-0.74.13.1,affected
SUSESUSE Linux Enterprise Debuginfo 11-SP4openldap2 < 2.4.26-0.74.13.1,affected
SUSESUSE Linux Enterprise Point of Sale 11-SP3openldap2 < 2.4.26-0.74.13.1,affected
SUSESUSE Linux Enterprise Server 11-SECURITYopenldap2-client-openssl1 < 2.4.26-0.74.13.1affected
SUSESUSE Linux Enterprise Server 11-SP4-LTSSopenldap2 < 2.4.26-0.74.13.1,affected
SUSESUSE Linux Enterprise Server 12-SP2-BCLopenldap2 < 2.4.41-18.71.2affected
SUSESUSE Linux Enterprise Server 12-SP2-LTSSopenldap2 < 2.4.41-18.71.2affected
SUSESUSE Linux Enterprise Server 12-SP3-BCLopenldap2 < 2.4.41-18.71.2affected
SUSESUSE Linux Enterprise Server 12-SP3-LTSSopenldap2 < 2.4.41-18.71.2affected
SUSESUSE Linux Enterprise Server 12-SP4openldap2 < 2.4.41-18.71.2affected
SUSESUSE Linux Enterprise Server 12-SP5openldap2 < 2.4.41-18.71.2affected
SUSESUSE Linux Enterprise Server 15-LTSSopenldap2 < 2.4.46-9.31.1affected
SUSESUSE Linux Enterprise Server for SAP 12-SP2openldap2 < 2.4.41-18.71.2affected
SUSESUSE Linux Enterprise Server for SAP 12-SP3openldap2 < 2.4.41-18.71.2affected
SUSESUSE Linux Enterprise Server for SAP 15openldap2 < 2.4.46-9.31.1affected
SUSESUSE OpenStack Cloud 7openldap2 < 2.4.41-18.71.2affected
SUSESUSE OpenStack Cloud 8openldap2 < 2.4.41-18.71.2affected
SUSESUSE OpenStack Cloud Crowbar 8openldap2 < 2.4.41-18.71.2affected
openSUSEopenSUSE Leap 15.1openldap2 < 2.4.46-lp151.10.12.1affected
openSUSEopenSUSE Leap 15.2openldap2 < 2.4.46-lp152.14.3.1affected

Weaknesses

  • CWE-349: CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data

ADP Enrichment

CVE Program Container

Additional References

References