AS-2022-012: OpenLDAP

2022-08-29

Statement

The OpenLDAP project announced multiple vulnerabilities that have been fixed in the latest release of OpenLDAP.

CVE-2022-29155 and other issues affected ASUSTOR products with ADM 4.1 and ADM 4.0.

• OpenLDAP 2.6.2 has been updated on ADM 4.1.0.RKM1 and ADM 4.0.5.RWM1 to resolve the issue.

Affected Products

Detail

• CVE-2022-29155
  • Severity: Critical
  • In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
• CVE-2020-36221
  • Severity: High
  • An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
• CVE-2020-36222
  • Severity: High
  • A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
• CVE-2020-36223
  • Severity: High
  • A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
• CVE-2020-36224
  • Severity: High
  • A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
• CVE-2020-36225
  • Severity: High
  • A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
• CVE-2020-36226
  • Severity: High
  • A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
• CVE-2020-36227
  • Severity: High
  • A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
• CVE-2020-36228
  • Severity: High
  • An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
• CVE-2020-36229
  • Severity: High
  • A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
• CVE-2020-36230
  • Severity: High
  • A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
• CVE-2020-25710
  • Severity: High
  • A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
• CVE-2020-25709
  • Severity: High
  • A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
• CVE-2020-25692
  • Severity: High
  • A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

Reference

• Openldap : Security Vulnerabilities
• CVE-2022-29155
• CVE-2020-36221
• CVE-2020-36222
• CVE-2020-36223
• CVE-2020-36224
• CVE-2020-36225
• CVE-2020-36226
• CVE-2020-36227
• CVE-2020-36228
• CVE-2020-36229
• CVE-2020-36230
• CVE-2020-25710
• CVE-2020-25709
• CVE-2020-25692

Revision