CVE-2019-13057

2019-07-2600:00:00

ubuntu.com

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.3%

JSON

An issue was discovered in the server in OpenLDAP before 2.4.48. When the
server administrator delegates rootDN (database admin) privileges for
certain databases but wants to maintain isolation (e.g., for multi-tenant
deployments), slapd does not properly stop a rootDN from requesting
authorization as an identity from another database during a SASL bind or
with a proxyAuthz (RFC 4370) control. (It is not a common configuration to
deploy a system where the server administrator and a DB administrator enjoy
different levels of trust.)

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchopenldap< 2.4.45+dfsg-1ubuntu1.3UNKNOWN
ubuntu19.04noarchopenldap< 2.4.47+dfsg-3ubuntu2.1UNKNOWN
ubuntu14.04noarchopenldap< 2.4.31-1+nmu2ubuntu8.5+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchopenldap< 2.4.42+dfsg-2ubuntu3.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	openldap	< 2.4.45+dfsg-1ubuntu1.3	UNKNOWN
ubuntu	19.04	noarch	openldap	< 2.4.47+dfsg-3ubuntu2.1	UNKNOWN
ubuntu	14.04	noarch	openldap	< 2.4.31-1+nmu2ubuntu8.5+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only	UNKNOWN
ubuntu	16.04	noarch	openldap	< 2.4.42+dfsg-2ubuntu3.6	UNKNOWN