https://bugs.openldap.org/show_bug.cgi?id=9413

https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65

https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26

https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439

https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8

https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57

[debian-lts-announce] 20210203 [SECURITY] [DLA 2544-1] openldap security update

https://security.netapp.com/advisory/ntap-20210226-0002/

DSA-4845

According to the versions of the openldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In OpenLDAP through 2.4.57 and 2.5.x through     2.5.1alpha, an assertion failure in slapd can occur in     the issuerAndThisUpdateCheck function via a crafted     packet, resulting in a denial of service (daemon exit)     via a short timestamp. This is related to schema_init.c     and checkTime.(CVE-2021-27212)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     in an assertion failure in slapd in the X.509 DN     parsing in decode.c ber_next_element, resulting in     denial of service.(CVE-2020-36230)

  - A flaw was discovered in ldap_X509dn2bv in OpenLDAP     before 2.4.57 leading to a slapd crash in the X.509 DN     parsing in ad_keystring, resulting in denial of     service.(CVE-2020-36229)

  - An integer underflow was discovered in OpenLDAP before     2.4.57 leading to a slapd crash in the Certificate List     Exact Assertion processing, resulting in denial of     service.(CVE-2020-36228)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to an infinite loop in slapd with the cancel_extop     Cancel operation, resulting in denial of     service.(CVE-2020-36227)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to a memch->bv_len miscalculation and slapd crash in     the saslAuthzTo processing, resulting in denial of     service.(CVE-2020-36226)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to a double free and slapd crash in the saslAuthzTo     processing, resulting in denial of     service.(CVE-2020-36225)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to an invalid pointer free and slapd crash in the     saslAuthzTo processing, resulting in denial of     service.(CVE-2020-36224)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to a slapd crash in the Values Return Filter control     handling, resulting in denial of service (double free     and out-of-bounds read).(CVE-2020-36223)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to an assertion failure in slapd in the saslAuthzTo     validation, resulting in denial of     service.(CVE-2020-36222)

  - An integer underflow was discovered in OpenLDAP before     2.4.57 leading to slapd crashes in the Certificate     Exact Assertion processing, resulting in denial of     service (schema_init.c     serialNumberAndIssuerCheck).(CVE-2020-36221)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for openldap2 fixes the following issues :

  - bsc#1182408 CVE-2020-36230 - an assertion failure in     slapd in the X.509 DN parsing in decode.c     ber_next_element, resulting in denial of service.

  - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the     X.509 DN parsing in ad_keystring, resulting in denial of     service.

  - bsc#1182412 CVE-2020-36228 - integer underflow leading     to crash in the Certificate List Exact Assertion     processing, resulting in denial of service.

  - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with     the cancel_extop Cancel operation, resulting in denial     of service.

  - bsc#1182416 CVE-2020-36225 - double free and slapd crash     in the saslAuthzTo processing, resulting in denial of     service.

  - bsc#1182417 CVE-2020-36224 - invalid pointer free and     slapd crash in the saslAuthzTo processing, resulting in     denial of service.

  - bsc#1182415 CVE-2020-36226 - memch->bv_len     miscalculation and slapd crash in the saslAuthzTo     processing, resulting in denial of service.

  - bsc#1182419 CVE-2020-36222 - assertion failure in slapd     in the saslAuthzTo validation, resulting in denial of     service.

  - bsc#1182420 CVE-2020-36221 - slapd crashes in the     Certificate Exact Assertion processing, resulting in     denial of service (schema_init.c     serialNumberAndIssuerCheck).

  - bsc#1182418 CVE-2020-36223 - slapd crash in the Values     Return Filter control handling, resulting in denial of     service (double free and out-of-bounds read).

  - bsc#1182279 CVE-2021-27212 - an assertion failure in     slapd can occur in the issuerAndThisUpdateCheck function     via a crafted packet, resulting in a denial of service     (daemon exit) via a short timestamp. This is related to     schema_init.c and checkTime.

This update was imported from the SUSE:SLE-15:Update update project.

This update for openldap2 fixes the following issues :

bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.

bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.

bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.

bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp.
This is related to schema_init.c and checkTime.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the OpenLDAP packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - OpenLDAP An integer underflow was discovered in     OpenLDAP before 2.4.57 leading to a slapd crash in the     Certificate List Exact Assertion processing, resulting     in denial of service.(CVE-2020-36228)

  - OpenLDAP A flaw was discovered in OpenLDAP before     2.4.57 leading to a slapd crash in the Values Return     Filter control handling, resulting in denial of service     (double free and out-of-bounds read).(CVE-2020-36223)

  - OpenLDAP A flaw was discovered in OpenLDAP before     2.4.57 leading to an assertion failure in slapd in the     saslAuthzTo validation, resulting in denial of     service.(CVE-2020-36222)

  - OpenLDAP An integer underflow was discovered in     OpenLDAP before 2.4.57 leading to slapd crashes in the     Certificate Exact Assertion processing, resulting in     denial of service (schema_init.c     serialNumberAndIssuerCheck).(CVE-2020-36221)

  - OpenLDAP A flaw was discovered in OpenLDAP before     2.4.57 leading in an assertion failure in slapd in the     X.509 DN parsing in decode.c ber_next_element,     resulting in denial of service.(CVE-2020-36230)

  - OpenLDAP A flaw was discovered in OpenLDAP before     2.4.57 leading to an invalid pointer free and slapd     crash in the saslAuthzTo processing, resulting in     denial of service.(CVE-2020-36224)

  - OpenLDAP A flaw was discovered in OpenLDAP before     2.4.57 leading to a double free and slapd crash in the     saslAuthzTo processing, resulting in denial of     service.(CVE-2020-36225)

  - OpenLDAP A flaw was discovered in OpenLDAP before     2.4.57 leading to an infinite loop in slapd with the     cancel_extop Cancel operation, resulting in denial of     service.(CVE-2020-36227)

  - OpenLDAP A flaw was discovered in OpenLDAP before     2.4.57 leading to a memch->bv_len miscalculation and     slapd crash in the saslAuthzTo processing, resulting in     denial of service.(CVE-2020-36226)

  - OpenLDAP A flaw was discovered in ldap_X509dn2bv in     OpenLDAP before 2.4.57 leading to a slapd crash in the     X.509 DN parsing in ad_keystring, resulting in denial     of service.(CVE-2020-36229)

  - A NULL pointer dereference was found in OpenLDAP server     and was fixed in openldap 2.4.55, during a request for     renaming RDNs. An unauthenticated attacker could     remotely crash the slapd process by sending a specially     crafted request, causing a Denial of     Service.(CVE-2020-25692)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the openldap package has been released.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4724-1 advisory.

  - An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate     Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
    (CVE-2020-36221)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the     saslAuthzTo validation, resulting in denial of service. (CVE-2020-36222)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter     control handling, resulting in denial of service (double free and out-of-bounds read). (CVE-2020-36223)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the     saslAuthzTo processing, resulting in denial of service. (CVE-2020-36224)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the     saslAuthzTo processing, resulting in denial of service. (CVE-2020-36225)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash     in the saslAuthzTo processing, resulting in denial of service. (CVE-2020-36226)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop     Cancel operation, resulting in denial of service. (CVE-2020-36227)

  - An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate     List Exact Assertion processing, resulting in denial of service. (CVE-2020-36228)

  - A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN     parsing in ad_keystring, resulting in denial of service. (CVE-2020-36229)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN     parsing in decode.c ber_next_element, resulting in denial of service. (CVE-2020-36230)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the openldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An integer underflow was discovered in OpenLDAP before     2.4.57 leading to slapd crashes in the Certificate     Exact Assertion processing, resulting in denial of     service (schema_init.c     serialNumberAndIssuerCheck).(CVE-2020-36221)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to an assertion failure in slapd in the saslAuthzTo     validation, resulting in denial of     service.(CVE-2020-36222)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to a slapd crash in the Values Return Filter control     handling, resulting in denial of service (double free     and out-of-bounds read).(CVE-2020-36223)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to an invalid pointer free and slapd crash in the     saslAuthzTo processing, resulting in denial of     service.(CVE-2020-36224)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to a double free and slapd crash in the saslAuthzTo     processing, resulting in denial of     service.(CVE-2020-36225)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to a memch->bv_len miscalculation and slapd crash in     the saslAuthzTo processing, resulting in denial of     service.(CVE-2020-36226)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     to an infinite loop in slapd with the cancel_extop     Cancel operation, resulting in denial of     service.(CVE-2020-36227)

  - An integer underflow was discovered in OpenLDAP before     2.4.57 leading to a slapd crash in the Certificate List     Exact Assertion processing, resulting in denial of     service.(CVE-2020-36228)

  - A flaw was discovered in ldap_X509dn2bv in OpenLDAP     before 2.4.57 leading to a slapd crash in the X.509 DN     parsing in ad_keystring, resulting in denial of     service.(CVE-2020-36229)

  - A flaw was discovered in OpenLDAP before 2.4.57 leading     in an assertion failure in slapd in the X.509 DN     parsing in decode.c ber_next_element, resulting in     denial of service.(CVE-2020-36230)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash, infinite loops) via specially crafted packets.

For Debian 9 stretch, these problems have been fixed in version 2.4.44+dfsg-5+deb9u7.

We recommend that you upgrade your openldap packages.

For the detailed security status of openldap please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openldap

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash, infinite loops) via specially crafted packets.

ID	Name	Product	Family	Severity
148621	EulerOS : openldap (EulerOS-SA-2021-1753)	Nessus	Huawei Local Security Checks	medium
148597	EulerOS : openldap (EulerOS-SA-2021-1719)	Nessus	Huawei Local Security Checks	medium
147794	openSUSE Security Update : openldap2 (openSUSE-2021-408)	Nessus	SuSE Local Security Checks	medium
147570	SUSE SLED15 / SLES15 Security Update : openldap2 (SUSE-SU-2021:0723-1)	Nessus	SuSE Local Security Checks	medium
147513	EulerOS Virtualization for ARM 64 3.0.2.0 : OpenLDAP (EulerOS-SA-2021-1394)	Nessus	Huawei Local Security Checks	medium
147134	SUSE SLES12 Security Update : openldap2 (SUSE-SU-2021:0693-1)	Nessus	SuSE Local Security Checks	medium
147030	SUSE SLES12 Security Update : openldap2 (SUSE-SU-2021:0692-1)	Nessus	SuSE Local Security Checks	medium
147004	Photon OS 1.0: Openldap PHSA-2021-1.0-0366	Nessus	PhotonOS Local Security Checks	medium
146487	Photon OS 2.0: Openldap PHSA-2021-2.0-0318	Nessus	PhotonOS Local Security Checks	medium
146302	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : OpenLDAP vulnerabilities (USN-4724-1)	Nessus	Ubuntu Local Security Checks	medium
146256	EulerOS : openldap (EulerOS-SA-2021-1269)	Nessus	Huawei Local Security Checks	medium
146229	EulerOS 2.0 SP9 : openldap (EulerOS-SA-2021-1250)	Nessus	Huawei Local Security Checks	medium
146191	Debian DLA-2544-1 : openldap security update	Nessus	Debian Local Security Checks	medium
146122	Debian DSA-4845-1 : openldap - security update	Nessus	Debian Local Security Checks	medium

CVE-2020-36226

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium