Vulnerability Description
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.
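The two things an administrator needs for triage are whether a running slapd falls in the affected range and which access rules actually depend on the SASL security layer. As an added example (not code from OpenLDAP or from this advisory), the Python helper below checks a version string against 2.x before 2.4.48 and scans a slapd.conf fragment for `access` directives whose `by` clause uses the `sasl_ssf=` qualifier; the sample configuration is constructed for the demonstration.

```python
import re
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 4, 47)  # 2.x before 2.4.48, per the advisory

def parse_version(text):
    """X.Y.Z tuple from text such as `slapd -V` output, or None if absent."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(version):
    return version is not None and AFFECTED_MIN <= tuple(version) <= AFFECTED_MAX

def join_continuations(conf):
    """Fold leading-whitespace continuation lines into one logical directive."""
    rules, cur = [], None
    for raw in conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and cur is not None:
            cur += " " + raw.strip()
        else:
            if cur is not None:
                rules.append(cur)
            cur = raw.strip()
    if cur is not None:
        rules.append(cur)
    return rules

def ssf_dependent_acls(conf):
    """(rule, [sasl_ssf values]) per 'access to' directive whose <who> clause uses sasl_ssf=."""
    hits = []
    for rule in join_continuations(conf):
        if rule.startswith("access to"):
            vals = [int(v) for v in re.findall(r"\bsasl_ssf=(\d+)", rule)]
            if vals:  # these are the rules a retained sasl_ssf would satisfy
                hits.append((rule, vals))
    return hits

# Constructed slapd.conf fragment, not taken from any real deployment.
SAMPLE_CONF = """\
access to attrs=userPassword
        by self write
        by sasl_ssf=128 read
        by * none
access to dn.subtree="ou=people,dc=example,dc=com"
        by sasl_ssf=56 write
        by * read
access to *
        by * read
"""
```

On an unpatched server, every rule the scanner reports is one whose `sasl_ssf` requirement a later simple bind on a fresh connection can inherit; the fix is upgrading to 2.4.48 or later rather than rewriting the ACLs.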
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenLDAP | OpenLDAP | >= 2.0, <= 2.4.47 |
| Canonical | Ubuntu Linux | 12.04 |
| Debian | Debian Linux | 8.0 |
| openSUSE | Leap | 15.0 |
| F5 | Traffix Signaling Delivery Controller | 5.0.0 |
| Apple | Mac OS X | >= 10.13, < 10.13.6 |
| Oracle | Blockchain Platform | < 21.1.2 |
| Oracle | ZFS Storage Appliance Kit | 8.8 |
| Oracle | Solaris | 11 |
References
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2019/Dec/26 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
- https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html (Mailing List, Third Party Advisory)
- https://seclists.org/bugtraq/2019/Dec/23 (Mailing List, Third Party Advisory)
- https://support.apple.com/kb/HT210788 (Third Party Advisory)
- https://support.f5.com/csp/article/K98008862?utm_source=f5support&%3Butm_medi
- https://usn.ubuntu.com/4078-1/ (Third Party Advisory)
- https://usn.ubuntu.com/4078-2/ (Third Party Advisory)
- https://www.openldap.org/its/index.cgi/?findid=9052 (Mailing List, Vendor Advisory)
- https://www.openldap.org/lists/openldap-announce/201907/msg00001.html (Mailing List, Vendor Advisory)
- https://www.oracle.com/security-alerts/cpuapr2020.html (Patch, Third Party Advisory)
FAQ
What is CVE-2019-13565?
CVE-2019-13565 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain...
How severe is CVE-2019-13565?
CVE-2019-13565 has been rated HIGH with a CVSS base score of 7.5/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2019-13565?
Check the references section above for vendor advisories and patch information. Affected products include: OpenLDAP, Canonical Ubuntu Linux, Debian Linux, openSUSE Leap, F5 Traffix Signaling Delivery Controller.