CVE-2020-8023
Description
A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) libldap-2_4-2-2.4.41-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) libldap-2_4-2-32bit-2.4.41-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) libldap-2_4-2-debuginfo-2.4.41-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) openldap2-2.4.41-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) openldap2-back-meta-2.4.41-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) openldap2-back-meta-debuginfo-2.4.41-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) openldap2-client-2.4.41-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) openldap2-client-debuginfo-2.4.41-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) openldap2-debuginfo-2.4.41-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) openldap2-debugsource-2.4.41-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) openldap2-doc-2.4.41-18.71.2.noarch.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) openldap2-ppolicy-check-password-1.2-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP4 ) openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) libldap-2_4-2-2.4.41-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) libldap-2_4-2-32bit-2.4.41-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) libldap-2_4-2-debuginfo-2.4.41-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) openldap2-2.4.41-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) openldap2-back-meta-2.4.41-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) openldap2-back-meta-debuginfo-2.4.41-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) openldap2-client-2.4.41-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) openldap2-client-debuginfo-2.4.41-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) openldap2-debuginfo-2.4.41-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) openldap2-debugsource-2.4.41-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) openldap2-doc-2.4.41-18.71.2.noarch_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) openldap2-ppolicy-check-password-1.2-18.71.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1859-1(SUSE Linux Enterprise Server 12-SP5 ) openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2.x86_64_SP5.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234