CVE-2020-8023
Published: Sep 1, 2020
Modified: Sep 16, 2024
CVSS v3.1: 7.7
Description
An Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root.
This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Enterprise Storage 5 | affected openldap2 - < 2.4.41-18.71.2 |
| SUSE | SUSE Linux Enterprise Debuginfo 11-SP3 | affected openldap2 - < 2.4.26-0.74.13.1 |
| SUSE | SUSE Linux Enterprise Debuginfo 11-SP4 | affected openldap2 - < 2.4.26-0.74.13.1 |
| SUSE | SUSE Linux Enterprise Point of Sale 11-SP3 | affected openldap2 - < 2.4.26-0.74.13.1 |
| SUSE | SUSE Linux Enterprise Server 11-SECURITY | affected openldap2-client-openssl1 - < 2.4.26-0.74.13.1 |
| SUSE | SUSE Linux Enterprise Server 11-SP4-LTSS | affected openldap2 - < 2.4.26-0.74.13.1 |
| SUSE | SUSE Linux Enterprise Server 12-SP2-BCL | affected openldap2 - < 2.4.41-18.71.2 |
| SUSE | SUSE Linux Enterprise Server 12-SP2-LTSS | affected openldap2 - < 2.4.41-18.71.2 |
| SUSE | SUSE Linux Enterprise Server 12-SP3-BCL | affected openldap2 - < 2.4.41-18.71.2 |
| SUSE | SUSE Linux Enterprise Server 12-SP3-LTSS | affected openldap2 - < 2.4.41-18.71.2 |
| SUSE | SUSE Linux Enterprise Server 12-SP4 | affected openldap2 - < 2.4.41-18.71.2 |
| SUSE | SUSE Linux Enterprise Server 12-SP5 | affected openldap2 - < 2.4.41-18.71.2 |
| SUSE | SUSE Linux Enterprise Server 15-LTSS | affected openldap2 - < 2.4.46-9.31.1 |
| SUSE | SUSE Linux Enterprise Server for SAP 12-SP2 | affected openldap2 - < 2.4.41-18.71.2 |
| SUSE | SUSE Linux Enterprise Server for SAP 12-SP3 | affected openldap2 - < 2.4.41-18.71.2 |
| SUSE | SUSE Linux Enterprise Server for SAP 15 | affected openldap2 - < 2.4.46-9.31.1 |
| SUSE | SUSE OpenStack Cloud 7 | affected openldap2 - < 2.4.41-18.71.2 |
| SUSE | SUSE OpenStack Cloud 8 | affected openldap2 - < 2.4.41-18.71.2 |
| SUSE | SUSE OpenStack Cloud Crowbar 8 | affected openldap2 - < 2.4.41-18.71.2 |
| openSUSE | openSUSE Leap 15.1 | affected openldap2 - < 2.4.46-lp151.10.12.1 |
| openSUSE | openSUSE Leap 15.2 | affected openldap2 - < 2.4.46-lp152.14.3.1 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
References