公告ID: KYLIN-2019-13057
安全等级: 中等
产品: Kylin V3
发布日期: 2019年7月25日
CVE: CVE-2019-13057
CVSS3评分: 6.5
概述:
None 描述:
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) 系统版本:
KYLIN 3.0.x
KYLIN 3.2.x
KYLIN 3.2.x
KYLIN 3.3.x
KYLIN 3.3.x
KYLIN 3.4.x
受影响包列表:
openldap
compat-openldap
openldap
compat-openldap
openldap
openldap