CVE-2020-8023

🗓️ 01 Sep 2020 11:25:12Reported by suseType

A vulnerability in openldap2 start script of various SUSE products allows local attackers to escalate privileges from user ldap to root

Reporter	Title	Published	Views	Family All 25
Cvelist	CVE-2020-8023 Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2	1 Sep 202011:25	–	cvelist
EUVD	EUVD-2020-28935	7 Oct 202500:30	–	euvd
NVD	CVE-2020-8023	1 Sep 202012:15	–	nvd
Tenable Nessus	openSUSE Security Update : openldap2 (openSUSE-2020-956)	20 Jul 202000:00	–	nessus
Tenable Nessus	openSUSE Security Update : openldap2 (openSUSE-2020-976)	20 Jul 202000:00	–	nessus
Tenable Nessus	SUSE SLES11 Security Update : openldap2 (SUSE-SU-2020:14419-1)	10 Jun 202100:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : openldap2 (SUSE-SU-2020:1855-1)	9 Jul 202000:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : openldap2 (SUSE-SU-2020:1856-1)	9 Jul 202000:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : openldap2 (SUSE-SU-2020:1859-1)	9 Jul 202000:00	–	nessus
OPENSUSE Linux	Security update for openldap2 (important)	14 Jul 202000:00	–	opensuse

NVD

Node

opensuse openldap2Range<2.4.41-18.71.2

AND

suse enterprise_storageMatch5.0

suse openstack_cloudMatch7.0

suse openstack_cloudMatch8.0

suse openstack_cloud_crowbarMatch8.0

suse linux_enterprise_serverMatch12sp2

suse linux_enterprise_serverMatch12sp2sap

suse linux_enterprise_serverMatch12sp2ltss

suse linux_enterprise_serverMatch12sp3sap

suse linux_enterprise_serverMatch12sp3--

suse linux_enterprise_serverMatch12sp3ltss

suse linux_enterprise_serverMatch12sp4

suse linux_enterprise_serverMatch12sp5

Node

opensuse openldap2Range<2.4.26-0.74.13.1

AND

suse linux_enterprise_debuginfoMatch11sp3

suse linux_enterprise_debuginfoMatch11sp4

suse linux_enterprise_point_of_saleMatch11sp3

suse linux_enterprise_serverMatch11-

suse linux_enterprise_serverMatch11sp4ltss

Node

opensuse openldap2Range<2.4.46-9.31.1

AND

suse linux_enterprise_serverMatch15ltss

suse linux_enterprise_serverMatch15sap

Node

opensuse openldap2Range<2.4.46-lp151.10.12.1

AND

opensuse leapMatch15.1

opensuse leapMatch15.2

[
  {
    "product": "SUSE Enterprise Storage 5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Debuginfo 11-SP3",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.26-0.74.13.1,",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Debuginfo 11-SP4",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.26-0.74.13.1,",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Point of Sale 11-SP3",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.26-0.74.13.1,",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 11-SECURITY",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.26-0.74.13.1",
        "status": "affected",
        "version": "openldap2-client-openssl1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 11-SP4-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.26-0.74.13.1,",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP2-BCL",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP2-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP3-BCL",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP3-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP4",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12-SP5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 15-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.46-9.31.1",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server for SAP 12-SP2",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server for SAP 12-SP3",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server for SAP 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.46-9.31.1",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE OpenStack Cloud 7",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE OpenStack Cloud 8",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE OpenStack Cloud Crowbar 8",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.4.41-18.71.2",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Leap 15.1",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "2.4.46-lp151.10.12.1",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Leap 15.2",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "2.4.46-lp152.14.3.1",
        "status": "affected",
        "version": "openldap2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.suse.com/show_bug.cgi

21 Nov 2024 05:38Current

7.3High risk

Vulners AI Score7.3

CVSS 27.2

CVSS 3.17.7 - 7.8

EPSS0.00061

CWE-349