Published: 26/07/2019 Updated: 13/06/2022

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

An issue exists in the server in OpenLDAP prior to 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

Vulnerable Product	Search on Vulmon	Subscribe to Product
openldap openldap
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 19.04
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
debian debian linux 8.0
opensuse leap 15.0
opensuse leap 15.1
apple mac os x
apple mac os x 10.14.6
apple mac os x 10.13.6
mcafee policy auditor
mcafee policy auditor 6.5.1
oracle solaris 11
oracle zfs storage appliance kit 8.8
oracle blockchain platform

Debian Bug report logs - #932997 openldap: CVE-2019-13057 Package: src:openldap; Maintainer for src:openldap is Debian OpenLDAP Maintainers <pkg-openldap-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 Jul 2019 17:15:02 UTC Severity: important Tags: security, upstre ...

Debian Bug report logs - #932998 openldap: CVE-2019-13565 Package: src:openldap; Maintainer for src:openldap is Debian OpenLDAP Maintainers <pkg-openldap-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 Jul 2019 17:15:05 UTC Severity: important Tags: security, upstre ...

Several security issues were fixed in OpenLDAP ...

Impact: Moderate Public Date: 2019-07-25 CWE: CWE-200 Bugzilla: 1730472: CVE-2019-13057 openldap: Infor ...

Critical Infrastructure Sectors: Critical Manufacturing

Full Disclosure mailing list archives   By Date By Thread </form>    APPLE-SA-2019-12-10-3 macOS Catalina 10152, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra <! ...

NVD-CWE-noinfo https://www.openldap.org/lists/openldap-announce/201907/msg00001.html https://www.openldap.org/its/?findid=9038 https://usn.ubuntu.com/4078-1/https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html https://usn.ubuntu.com/4078-2/https://security.netapp.com/advisory/ntap-20190822-0004/http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html https://support.apple.com/kb/HT210788 https://seclists.org/bugtraq/2019/Dec/23 http://seclists.org/fulldisclosure/2019/Dec/26 https://www.oracle.com/security-alerts/cpuapr2020.html https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://www.oracle.com/security-alerts/cpuapr2022.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932997 https://usn.ubuntu.com/4078-1/https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10

CVE-2019-13057

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect