Description
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.
References (16)
Core 16
Core References
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4078-1/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4078-2/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Dec/23
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Dec/26
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2020.html
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT210788
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Mailing List, Vendor Advisory x_refsource_confirm
https://www.openldap.org/lists/openldap-announce/201907/msg00001.html
Mailing List, Vendor Advisory x_refsource_misc
https://www.openldap.org/its/index.cgi/?findid=9052
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K98008862?utm_source=f5support&%3Butm_medium=RSS
Scores
CVSS v3
7.5
EPSS
0.0328
EPSS Percentile
87.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (17)
apple/mac_os_x
10.13.6 (10 CPE variants)
apple/mac_os_x
10.14.6 (2 CPE variants)
apple/mac_os_x
10.13 - 10.13.6
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
19.04
debian/debian_linux
8.0
f5/traffix_signaling_delivery_controller
5.0.0
... and 7 more
Published
Jul 26, 2019
Tracked Since
Feb 18, 2026