
Advisory ROSA-SA-2021-1935

2021-07-02 17:36:08
ROSA LAB
abf.rosalinux.ru

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 8.1 High
Confidence: High

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.243 Low
Percentile: 96.5%

Software: openldap 2.4.44
OS: Cobalt 7.9

CVE-ID: CVE-2017-14159
CVE-Crit: MEDIUM
CVE-DESC: slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which could allow local users to kill arbitrary processes by using access to that non-root account to modify the PID file before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-17740
CVE-Crit: HIGH
CVE-DESC: contrib/slapd-modules/nops/nops.c in OpenLDAP before version 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, allowing remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-13057
CVE-Crit: MEDIUM
CVE-DESC: An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database administrator) privileges for certain databases but wants to maintain isolation (e.g., for multi-user deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz control (RFC 4370). (This is not a common configuration for a system deployment in which the server administrator and the database administrator enjoy different levels of trust.)
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-13565
CVE-Crit: HIGH
CVE-DESC: An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered by those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-25692
CVE-Crit: HIGH
CVE-DESC: A NULL pointer dereference was found in the OpenLDAP server, occurring during a request to rename RDNs, and was fixed in openldap 2.4.55. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, resulting in a denial of service.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2020-36230
CVE-Crit: HIGH
CVE-DESC: A bug was discovered in OpenLDAP before version 2.4.57 leading to an assertion failure in slapd during X.509 DN parsing in decode.c ber_next_element, resulting in a denial of service.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-36229
CVE-Crit: HIGH
CVE-DESC: A bug was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 that caused slapd to crash during X.509 DN parsing in ad_keystring, resulting in a denial of service.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-36228
CVE-Crit: HIGH
CVE-DESC: An integer underflow was discovered in OpenLDAP before 2.4.57, causing slapd to crash during Certificate List Exact Assertion processing, resulting in a denial of service.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-36227
CVE-Crit: HIGH
CVE-DESC: A bug was discovered in OpenLDAP before 2.4.57 causing an infinite loop in slapd with the cancel_extop operation, resulting in a denial of service.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-36226
CVE-Crit: HIGH
CVE-DESC: A bug was discovered in OpenLDAP before 2.4.57 that led to a memch->bv_len miscalculation and a slapd crash in saslAuthzTo processing, resulting in a denial of service.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-36225
CVE-Crit: HIGH
CVE-DESC: A bug was discovered in OpenLDAP before 2.4.57 that led to a double free and a slapd crash in saslAuthzTo processing, resulting in a denial of service.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-36224
CVE-Crit: HIGH
CVE-DESC: A bug was discovered in OpenLDAP before 2.4.57 that led to an invalid pointer free and a slapd crash in saslAuthzTo processing, resulting in a denial of service.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-36223
CVE-Crit: HIGH
CVE-DESC: A bug was discovered in OpenLDAP before 2.4.57 that caused slapd to crash while handling the Values Return Filter control, resulting in a denial of service (double free and out-of-bounds read).
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-36221
CVE-Crit: HIGH
CVE-DESC: An integer underflow was discovered in OpenLDAP before 2.4.57 that caused slapd to crash during Certificate Exact Assertion processing, resulting in a denial of service (schema_init.c serialNumberAndIssuerCheck).
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-36222
CVE-Crit: HIGH
CVE-DESC: A bug was discovered in OpenLDAP before 2.4.57 that caused an assertion failure in slapd during saslAuthzTo validation, resulting in a denial of service.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-27212
CVE-Crit: HIGH
CVE-DESC: In OpenLDAP before versions 2.4.57 and 2.5.x to 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
CVE-STATUS: default
CVE-REV: default

OS | Version | Architecture | Package | Version | Filename
Cobalt | any | noarch | openldap | < 2.4.44 | UNKNOWN
