CVE-2020-8023 in Suse and OpenSuse Products
Published on September 1, 2020
Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2
A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.
Vulnerability Analysis
CVE-2020-8023 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE
Weakness Type
Acceptance of Extraneous Untrusted Data With Trusted Data
The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
Products Associated with CVE-2020-8023
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-8023 are published in these products:
Affected Versions
SUSE Enterprise Storage 5:- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.26-0.74.13.1, is affected.
- Version openldap2 and below 2.4.26-0.74.13.1, is affected.
- Version openldap2 and below 2.4.26-0.74.13.1, is affected.
- Version openldap2-client-openssl1 and below 2.4.26-0.74.13.1 is affected.
- Version openldap2 and below 2.4.26-0.74.13.1, is affected.
- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.46-9.31.1 is affected.
- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.46-9.31.1 is affected.
- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.41-18.71.2 is affected.
- Version openldap2 and below 2.4.46-lp151.10.12.1 is affected.
- Version openldap2 and below 2.4.46-lp152.14.3.1 is affected.
Exploit Probability
EPSS
0.06%
Percentile
18.83%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.