CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-31 14:19:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
dc6e2cf7158eeb24cfecb4d64f4f1da9a8a732e2
CVEs-PoC/2020/CVE-2020-8023.md
T
marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00

45 lines
6.1 KiB
Markdown
Raw Blame History

### [CVE-2020-8023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8023)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Enterprise%20Storage%205&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Debuginfo%2011-SP3&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Debuginfo%2011-SP4&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011-SP3&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2011-SP4-LTSS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP2-BCL&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP2-LTSS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP3-BCL&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP3-LTSS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP4&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2012-SP5&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2015-LTSS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%2012-SP2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%2012-SP3&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%2015&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20OpenStack%20Cloud%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20OpenStack%20Cloud%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SUSE%20OpenStack%20Cloud%20Crowbar%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=openSUSE%20Leap%2015.1&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=openSUSE%20Leap%2015.2&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=openldap2%3C%202.4.26-0.74.13.1%2C%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=openldap2%3C%202.4.41-18.71.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=openldap2%3C%202.4.46-9.31.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=openldap2%3C%202.4.46-lp151.10.12.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=openldap2%3C%202.4.46-lp152.14.3.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=openldap2-client-openssl1%3C%202.4.26-0.74.13.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-349%3A%20Acceptance%20of%20Extraneous%20Untrusted%20Data%20With%20Trusted%20Data&color=brighgreen)
### Description
A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.
### POC
#### Reference
- https://bugzilla.suse.com/show_bug.cgi?id=1172698
#### Github
- https://github.com/404notf0und/CVE-Flow
- https://github.com/ARPSyndicate/cvemon
- https://github.com/chnzzh/OpenSSL-CVE-lib
Reference in New Issue View Git Blame Copy Permalink