SB2023050418 - Amazon Linux AMI update for openldap

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023050418

SB2023050418 - Amazon Linux AMI update for openldap

Published: May 4, 2023

Security Bulletin ID SB2023050418
Severity
Medium
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 92% Low 8%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Improper Authorization (CVE-ID: CVE-2019-13565)

The vulnerability allows a remote attacker to escalate privileges.
The vulnerability exists due to incorrect processing of SASL authentication and session encryption in OpenLDAP. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections, allowing to bypass ACLs and obtain access by performing simple binds.

2) Integer underflow (CVE-ID: CVE-2020-36221)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer underflow within the serialNumberAndIssuerCheck() function in schema_init.c. A remote attacker can send a specially crafted request to the affected application, trigger an integer underflow and crash the slapd.



3) Reachable Assertion (CVE-ID: CVE-2020-36222)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in slapd in the saslAuthzTo validation. A remote attacker can send a specially crafted request and perform a denial of service (DoS) attack.


4) Double Free (CVE-ID: CVE-2020-36223)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error during the Values Return Filter control handling. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack.


5) Release of invalid pointer or reference (CVE-ID: CVE-2020-36224)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to release of an invalid pointer when processing saslAuthzTo requests. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.


6) Double Free (CVE-ID: CVE-2020-36225)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the saslAuthzTo processing. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack


7) Resource management error (CVE-ID: CVE-2020-36226)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application leading to a memch->bv_len miscalculation during saslAuthzTo processing. A remote attacker can send specially crafted request to the slapd and perform a denial of service (DoS) attack.


8) Infinite loop (CVE-ID: CVE-2020-36227)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in slapd with the cancel_extop Cancel operation. A remote attacker can send a specially crafted request and perform a denial of service conditions.


9) Integer underflow (CVE-ID: CVE-2020-36228)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer underflow when processing the certificate list exact assertion. A remote attacker can send a specially crafted request to the slapd, trigger integer underflow and perform a denial of service (DoS) attack.



10) Type Confusion (CVE-ID: CVE-2020-36229)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error in ldap_X509dn2bv when parsing X.509 DN in ad_keystring. A remote attacker can send a specially crafted request to slapd and crash it.


11) Reachable Assertion (CVE-ID: CVE-2020-36230)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when parsing the X.509 DN within the ber_next_element() function in decode.c. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.


12) Reachable Assertion (CVE-ID: CVE-2021-27212)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing LDAP packets within the issuerAndThisUpdateCheck() function in  schema_init.c. A remote attacker can send a specially crafted packet with a short timestamp to the slapd and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References