Lucene search

K
ubuntuUbuntuUSN-4078-2
HistoryAug 19, 2019 - 12:00 a.m.

OpenLDAP vulnerabilities

2019-08-1900:00:00
ubuntu.com
42

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.3%

Releases

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04

Packages

  • openldap - OpenLDAP utilities

Details

USN-4078-1 fixed several vulnerabilities in openldap. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that OpenLDAP incorrectly handled rootDN delegation. A
database administrator could use this issue to request authorization as an
identity from another database, contrary to expectations. (CVE-2019-13057)

It was discovered that OpenLDAP incorrectly handled SASL authentication and
session encryption. After a first SASL bind was completed, it was possible
to obtain access by performing simple binds, contrary to expectations.
(CVE-2019-13565)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchslapd< 2.4.31-1+nmu2ubuntu8.5+esm1UNKNOWN
Ubuntu14.04noarchldap-utils< 2.4.31-1+nmu2ubuntu8.5UNKNOWN
Ubuntu14.04noarchldap-utils-dbgsym< 2.4.31-1+nmu2ubuntu8.5UNKNOWN
Ubuntu14.04noarchlibldap-2.4-2< 2.4.31-1+nmu2ubuntu8.5UNKNOWN
Ubuntu14.04noarchlibldap-2.4-2-dbg< 2.4.31-1+nmu2ubuntu8.5UNKNOWN
Ubuntu14.04noarchlibldap-2.4-2-dbgsym< 2.4.31-1+nmu2ubuntu8.5UNKNOWN
Ubuntu14.04noarchlibldap2-dev< 2.4.31-1+nmu2ubuntu8.5UNKNOWN
Ubuntu14.04noarchlibldap2-dev-dbgsym< 2.4.31-1+nmu2ubuntu8.5UNKNOWN
Ubuntu14.04noarchslapd< 2.4.31-1+nmu2ubuntu8.5UNKNOWN
Ubuntu14.04noarchslapd-dbg< 2.4.31-1+nmu2ubuntu8.5UNKNOWN
Rows per page:
1-10 of 141

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.3%