← Back

CVE-2019-13057

nvd nist
Published: Jul 26, 2019Modified: Nov 21, 2024

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 / Impact: 3.6
Source: NVD

Description

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

Affected (29)

Show all products
Openldap: Openldap · Canonical: Ubuntu Linux · Debian: Debian Linux · Opensuse: Leap · Apple: Mac Os X · Mcafee: Policy Auditor · Oracle: Blockchain Platform, Solaris, Zfs Storage Appliance Kit
Openldap
1 product
Openldap
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Opensuse
1 product
Leap
Apple
1 product
Mac Os X
Mcafee
1 product
Policy Auditor
Oracle
3 products
Blockchain Platform
Solaris
Zfs Storage Appliance Kit
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Openldap
Before 2.4.48
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 19.04
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 8.0
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Leap
Version 15.0
Leap
Version 15.1
Configuration E
15 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Mac Os X
From 10.13 to 10.13.6
Mac Os X
From 10.14 to 10.14.6
Mac Os X
From 10.15 to 10.15.2
Mac Os X
Version 10.13.6
Mac Os X
Version 10.13.6 security_update_2018-002
Mac Os X
Version 10.13.6 security_update_2018-003
Mac Os X
Version 10.13.6 security_update_2019-001
Mac Os X
Version 10.13.6 security_update_2019-002
Mac Os X
Version 10.13.6 security_update_2019-003
Mac Os X
Version 10.13.6 security_update_2019-004
Mac Os X
Version 10.13.6 security_update_2019-005
Mac Os X
Version 10.13.6 security_update_2019-006
Mac Os X
Version 10.14.6
Mac Os X
Version 10.14.6
Mac Os X
Version 10.14.6 security_update_2019-001
Configuration F
2 vulnerable
Vulnerable SoftwareAffected Versions
Mcafee
Policy Auditor
Before 6.5.1
Policy Auditor
Version 6.5.1
Configuration G
3 vulnerable
Vulnerable SoftwareAffected Versions
Blockchain Platform
Before 21.1.2
Solaris
Version 11
Zfs Storage Appliance Kit
Version 8.8

References (28)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Mailing ListVendor Advisory
Source: cve@mitre.org
Mailing ListProductVendor Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.