An issue exists in the server in OpenLDAP prior to 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
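
The isolation boundary described above, modelled as an added example (not OpenLDAP source code and not part of the original advisory): given slapd.conf-style database sections, it reports when a database's rootDN asks to act as an identity that lies outside that database's own suffixes. The configuration fragment, DNs and function names are constructed for illustration, and DN handling is simplified.

```python
import re

# Constructed slapd.conf fragment for a two-tenant server (sample values, not from the advisory).
SAMPLE_CONF = '''
database mdb
suffix "dc=tenant-a,dc=example"
rootdn "cn=admin,dc=tenant-a,dc=example"

database mdb
suffix "dc=tenant-b,dc=example"
rootdn "cn=admin,dc=tenant-b,dc=example"
'''

def norm(dn):
    """Simplified DN normalisation (no escaped-comma handling): lowercase, trim each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_databases(conf):
    """Collect the suffixes and rootdn of every database section in slapd.conf text."""
    dbs = []
    for line in conf.splitlines():
        m = re.match(r'\s*(database|suffix|rootdn)\s+"?([^"]+?)"?\s*$', line, re.I)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "database":
            dbs.append({"suffixes": [], "rootdn": None})
        elif dbs and key == "suffix":
            dbs[-1]["suffixes"].append(norm(value))
        elif dbs:
            dbs[-1]["rootdn"] = norm(value)
    return dbs

def in_scope(dn, suffixes):
    """True when dn equals a suffix or sits below it in the tree."""
    dn = norm(dn)
    return any(dn == s or dn.endswith("," + s) for s in suffixes)

def crosses_database(dbs, bind_dn, authz_dn):
    """True when bind_dn is a database rootDN and authz_dn is outside that database."""
    for db in dbs:
        if db["rootdn"] == norm(bind_dn):
            return not in_scope(authz_dn, db["suffixes"])
    return False  # not a rootDN: the server's normal authorization policy applies

if __name__ == "__main__":
    dbs = parse_databases(SAMPLE_CONF)
    print(crosses_database(dbs, "cn=admin,dc=tenant-a,dc=example",
                           "uid=bob,ou=people,dc=tenant-b,dc=example"))
```

On a server older than 2.4.48 with delegated rootDNs, the same check can be run over bind DN and authorization identity pairs taken from audit logs to find requests that crossed a tenant boundary.
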
Vulnerable Product |
---|
openldap openldap |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 19.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 12.04 |
debian debian linux 8.0 |
opensuse leap 15.0 |
opensuse leap 15.1 |
apple mac os x |
apple mac os x 10.14.6 |
apple mac os x 10.13.6 |
mcafee policy auditor |
mcafee policy auditor 6.5.1 |
oracle solaris 11 |
oracle zfs storage appliance kit 8.8 |
oracle blockchain platform |