var-202101-1246
Vulnerability from variot
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-05-25-2 macOS Big Sur 11.4
macOS Big Sur 11.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212529.
AMD Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30678: Yu Wang of Didi Research America
AMD Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A logic issue was addressed with improved state management. CVE-2021-30676: shrek_wzw
App Store Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: A path handling issue was addressed with improved validation. CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30669: Yair Hoffmann
Audio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative
Audio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30727: Cees Elzinga
CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock Available for: macOS Big Sur Impact: A malicious application may be able to access a user's call history Description: An access issue was addressed with improved access restrictions. CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers Available for: macOS Big Sur Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative
Heimdal Available for: macOS Big Sur Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal Available for: macOS Big Sur Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management. CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal Available for: macOS Big Sur Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A use after free issue was addressed with improved memory management. CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue was addressed by removing the vulnerable code. CVE-2021-30719: an anonymous researcher working with Trend Micro Zero Day Initiative
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30728: Liu Long of Ant Security Light-Year Lab CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30740: Linus Henze (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30704: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: Processing a maliciously crafted message may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2021-30736: Ian Beer of Google Project Zero
Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
Kext Management Available for: macOS Big Sur Impact: A local user may be able to load unsigned kernel extensions Description: A logic issue was addressed with improved state management. CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window Description: A logic issue was addressed with improved state management. CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to misrepresent application state Description: A logic issue was addressed with improved state management. CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management. CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A validation issue was addressed with improved logic. CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-36226 CVE-2020-36227 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36221 CVE-2020-36228 CVE-2020-36222 CVE-2020-36230 CVE-2020-36229
PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to overwrite arbitrary files Description: An issue with path validation logic for hardlinks was addressed with improved path sanitization. CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl (@theevilbit) of Offensive Security
Security Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. CVE-2021-30737: xerub
smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to perform denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved state management. CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A path handling issue was addressed with improved validation. CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information disclosure issue was addressed with improved state management. CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window during a software update Description: This issue was addressed with improved checks. CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate Available for: macOS Big Sur Impact: A non-privileged user may be able to modify restricted settings Description: This issue was addressed with improved checks. CVE-2021-30718: SiQian Wei of ByteDance Security
TCC Available for: macOS Big Sur Impact: A malicious application may be able to send unauthorized Apple events to Finder Description: A validation issue was addressed with improved logic. CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. Description: A permissions issue was addressed with improved validation. CVE-2021-30713: an anonymous researcher
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-30744: Dan Hite of jsontop
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30689: an anonymous researcher
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Big Sur Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2021-23841: Tavis Ormandy of Google CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store We would like to acknowledge Thijs Alkemade of Computest Research Division for their assistance.
CoreCapture We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant- financial TianQiong Security Lab for their assistance.
ImageIO We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative and an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge Lauritz Holtmann (@lauritz) for their assistance.
WebKit We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance.
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6 jjDC5g/+P0Hya9smOX6XVhxtnwe+vh2d5zOrKLBymdkvDPGw1UQoGOq08+7eu02Q vsManS/aP1UKNcMnbALHNFbFXv61ZjWi+71qgGGAQAe3EtYTJchBiIIyOBNIHoOJ 8X9sOeiyFzOOKw+GyVsBMNRL9Oh678USC4qgyyO5u2+Oexehu+6N9YNdAzwZgy6o muP+NlZ08s80ahRfq/6q8uKj7+Is0k5OEdxpWTnJOoXUDzZPj4Vo7H0HL6zjuqg3 CurJQABF3kDBWgZCvroMU6/HpbilGPE+JUFV7HPfaMe6iE3FsfrOq101w+/ovuNM hJ3yk/QENoh5BYdHKJo7zPVZBteGX20EVPdWfTsnz6a/hk568A+ICiupFIqwEuQv esIBWzgab9YUb2fAaZ071Z+lSn0Rj7tm3V/rhdwq19tYD3Q7BqEJ+YxYCH2zvyIB mP4/NoMpsDiTqFradR8Skac5uwINpZzAHjFyWLj0QVWVMxyQB8EGshR16YPkMryJ rjGyNIqZPcZ/Z6KJqpvNJrfI+b0oeqFMBUwpwK/7aQFPP/MvsM+UVSySipRiqwoa WAHMuY4SQwcseok7N6Rf+zAEYm9Nc+YglYpTW2taw6g0vWNIuCbyzPdC/Srrjw98 od2jLahPwyoBg6WBvXoZ6H4YOWFAywf225nYk3l5ATsG6rNbhYk= =Avma -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-4724-1 February 08, 2021
openldap vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenLDAP.
Software Description: - openldap: Lightweight Directory Access Protocol
Details:
It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. (CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control handling. (CVE-2020-36227)
It was discovered that OpenLDAP incorrectly handled Certificate List Extract Assertion processing. (CVE-2020-36228)
It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. (CVE-2020-36229, CVE-2020-36230)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: slapd 2.4.53+dfsg-1ubuntu1.3
Ubuntu 20.04 LTS: slapd 2.4.49+dfsg-2ubuntu1.6
Ubuntu 18.04 LTS: slapd 2.4.45+dfsg-1ubuntu1.9
Ubuntu 16.04 LTS: slapd 2.4.42+dfsg-2ubuntu3.12
In general, a standard system update will make all the necessary changes.
For the stable distribution (buster), these problems have been fixed in version 2.4.47+dfsg-3+deb10u5.
We recommend that you upgrade your openldap packages
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1246", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "11.4" }, { "model": "macos", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "11.1" }, { "model": "openldap", "scope": "lt", "trust": 1.0, "vendor": "openldap", "version": "2.4.57" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "openldap", "scope": null, "trust": 0.8, "vendor": "openldap", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "apple mac os x", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "macos big sur", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015570" }, { "db": "NVD", "id": "CVE-2020-36227" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.4.57", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.4", "versionStartIncluding": "11.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36227" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ubuntu", "sources": [ { "db": "PACKETSTORM", "id": "161318" }, { "db": "CNNVD", "id": "CNNVD-202101-2289" } ], "trust": 0.7 }, "cve": "CVE-2020-36227", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-36227", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-384985", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-36227", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36227", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-2289", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-384985", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36227", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-384985" }, { "db": "VULMON", "id": "CVE-2020-36227" }, { "db": "JVNDB", "id": "JVNDB-2020-015570" }, { "db": "NVD", "id": "CVE-2020-36227" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-2289" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-05-25-2 macOS Big Sur 11.4\n\nmacOS Big Sur 11.4 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212529. \n\nAMD\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30678: Yu Wang of Didi Research America\n\nAMD\nAvailable for: macOS Big Sur\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30676: shrek_wzw\n\nApp Store\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2021-30688: Thijs Alkemade of Computest Research Division\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30669: Yair Hoffmann\n\nAudio\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30707: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nAudio\nAvailable for: macOS Big Sur\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro\n\nCore Services\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2021-30681: Zhongcheng Li (CK01)\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30686: Mickey Jin of Trend Micro\n\nCrash Reporter\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30727: Cees Elzinga\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro\n\nDock\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to access a user\u0027s call\nhistory\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30673: Josh Parnham (@joshparnham)\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30684: Liu Long of Ant Security Light-Year Lab\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)\nworking with Trend Micro Zero Day Initiative\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A local user may be able to leak sensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30697: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30710: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A malicious application could execute arbitrary code leading\nto compromise of user information\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30683: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of\nBaidu Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted ASTC file may disclose\nmemory contents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30705: Ye Zhang of Baidu Security\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read issue was addressed by removing\nthe vulnerable code. \nCVE-2021-30719: an anonymous researcher working with Trend Micro Zero\nDay Initiative\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30728: Liu Long of Ant Security Light-Year Lab\nCVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30740: Linus Henze (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30704: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30715: The UK\u0027s National Cyber Security Centre (NCSC)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2021-30736: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nKext Management\nAvailable for: macOS Big Sur\nImpact: A local user may be able to load unsigned kernel extensions\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2021-30677: Ron Waisberg (@epsilan)\n\nLogin Window\nAvailable for: macOS Big Sur\nImpact: A person with physical access to a Mac may be able to bypass\nLogin Window\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30702: Jewel Lambert of Original Spin, LLC. \n\nMail\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nmisrepresent application state\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30696: Fabian Ising and Damian Poddebniak of M\u00fcnster\nUniversity of Applied Sciences\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro\nCVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro\nCVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro\nCVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30693: Mickey Jin (@patch1t) \u0026 Junzhi Lu (@pwn0rz) of Trend\nMicro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30695: Mickey Jin (@patch1t) \u0026 Junzhi Lu (@pwn0rz) of Trend\nMicro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30708: Mickey Jin (@patch1t) \u0026 Junzhi Lu (@pwn0rz) of Trend\nMicro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro\n\nNSOpenPanel\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2021-30679: Gabe Kirkpatrick (@gabe_k)\n\nOpenLDAP\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-36226\nCVE-2020-36227\nCVE-2020-36223\nCVE-2020-36224\nCVE-2020-36225\nCVE-2020-36221\nCVE-2020-36228\nCVE-2020-36222\nCVE-2020-36230\nCVE-2020-36229\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: An issue with path validation logic for hardlinks was\naddressed with improved path sanitization. \nCVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl\n(@theevilbit) of Offensive Security\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue in the ASN.1 decoder was\naddressed by removing the vulnerable code. \nCVE-2021-30737: xerub\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nperform denial of service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30716: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30717: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2021-30721: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2021-30722: Aleksandar Nikolic of Cisco Talos\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30712: Aleksandar Nikolic of Cisco Talos\n\nSoftware Update\nAvailable for: macOS Big Sur\nImpact: A person with physical access to a Mac may be able to bypass\nLogin Window during a software update\nDescription: This issue was addressed with improved checks. \nCVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro\n\nSoftwareUpdate\nAvailable for: macOS Big Sur\nImpact: A non-privileged user may be able to modify restricted\nsettings\nDescription: This issue was addressed with improved checks. \nCVE-2021-30718: SiQian Wei of ByteDance Security\n\nTCC\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to send unauthorized\nApple events to Finder\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30671: Ryan Bell (@iRyanBell)\n\nTCC\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences. Apple is aware of a report that this issue may have been\nactively exploited. \nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2021-30713: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A cross-origin issue with iframe elements was addressed\nwith improved tracking of security origins. \nCVE-2021-30744: Dan Hite of jsontop\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-21779: Marcin Towalski of Cisco Talos\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30682: an anonymous researcher and 1lastBr3ath\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30689: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,\nASU. working with Trend Micro Zero Day Initiative\nCVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)\nworking with Trend Micro Zero Day Initiative\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to access restricted ports on\narbitrary servers\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30720: David Sch\u00fctz (@xdavidhu)\n\nWebRTC\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A null pointer dereference was addressed with improved\ninput validation. \nCVE-2021-23841: Tavis Ormandy of Google\nCVE-2021-30698: Tavis Ormandy of Google\n\nAdditional recognition\n\nApp Store\nWe would like to acknowledge Thijs Alkemade of Computest Research\nDivision for their assistance. \n\nCoreCapture\nWe would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-\nfinancial TianQiong Security Lab for their assistance. \n\nImageIO\nWe would like to acknowledge Jzhu working with Trend Micro Zero Day\nInitiative and an anonymous researcher for their assistance. \n\nMail Drafts\nWe would like to acknowledge Lauritz Holtmann (@_lauritz_) for their\nassistance. \n\nWebKit\nWe would like to acknowledge Chris Salls (@salls) of Makai Security\nfor their assistance. \n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6\njjDC5g/+P0Hya9smOX6XVhxtnwe+vh2d5zOrKLBymdkvDPGw1UQoGOq08+7eu02Q\nvsManS/aP1UKNcMnbALHNFbFXv61ZjWi+71qgGGAQAe3EtYTJchBiIIyOBNIHoOJ\n8X9sOeiyFzOOKw+GyVsBMNRL9Oh678USC4qgyyO5u2+Oexehu+6N9YNdAzwZgy6o\nmuP+NlZ08s80ahRfq/6q8uKj7+Is0k5OEdxpWTnJOoXUDzZPj4Vo7H0HL6zjuqg3\nCurJQABF3kDBWgZCvroMU6/HpbilGPE+JUFV7HPfaMe6iE3FsfrOq101w+/ovuNM\nhJ3yk/QENoh5BYdHKJo7zPVZBteGX20EVPdWfTsnz6a/hk568A+ICiupFIqwEuQv\nesIBWzgab9YUb2fAaZ071Z+lSn0Rj7tm3V/rhdwq19tYD3Q7BqEJ+YxYCH2zvyIB\nmP4/NoMpsDiTqFradR8Skac5uwINpZzAHjFyWLj0QVWVMxyQB8EGshR16YPkMryJ\nrjGyNIqZPcZ/Z6KJqpvNJrfI+b0oeqFMBUwpwK/7aQFPP/MvsM+UVSySipRiqwoa\nWAHMuY4SQwcseok7N6Rf+zAEYm9Nc+YglYpTW2taw6g0vWNIuCbyzPdC/Srrjw98\nod2jLahPwyoBg6WBvXoZ6H4YOWFAywf225nYk3l5ATsG6rNbhYk=\n=Avma\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-4724-1\nFebruary 08, 2021\n\nopenldap vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenLDAP. \n\nSoftware Description:\n- openldap: Lightweight Directory Access Protocol\n\nDetails:\n\nIt was discovered that OpenLDAP incorrectly handled Certificate Exact\nAssertion processing. (CVE-2020-36221)\n\nIt was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. \n(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)\n\nIt was discovered that OpenLDAP incorrectly handled Return Filter control\nhandling. (CVE-2020-36227)\n\nIt was discovered that OpenLDAP incorrectly handled Certificate List\nExtract Assertion processing. \n(CVE-2020-36228)\n\nIt was discovered that OpenLDAP incorrectly handled X.509 DN parsing. (CVE-2020-36229, CVE-2020-36230)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n slapd 2.4.53+dfsg-1ubuntu1.3\n\nUbuntu 20.04 LTS:\n slapd 2.4.49+dfsg-2ubuntu1.6\n\nUbuntu 18.04 LTS:\n slapd 2.4.45+dfsg-1ubuntu1.9\n\nUbuntu 16.04 LTS:\n slapd 2.4.42+dfsg-2ubuntu3.12\n\nIn general, a standard system update will make all the necessary changes. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.47+dfsg-3+deb10u5. \n\nWe recommend that you upgrade your openldap packages", "sources": [ { "db": "NVD", "id": "CVE-2020-36227" }, { "db": "JVNDB", "id": "JVNDB-2020-015570" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-384985" }, { "db": "VULMON", "id": "CVE-2020-36227" }, { "db": "PACKETSTORM", "id": "162820" }, { "db": "PACKETSTORM", "id": "162821" }, { "db": "PACKETSTORM", "id": "162826" }, { "db": "PACKETSTORM", "id": "161318" }, { "db": "PACKETSTORM", "id": "168991" } ], "trust": 2.79 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-384985", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-384985" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36227", "trust": 3.1 }, { "db": "PACKETSTORM", "id": "161318", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162820", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015570", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052502", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021092209", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122914", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0828", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0788", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1794", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0429", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1305", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-2289", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "162826", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162821", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-384985", "trust": 0.1 }, { "db": "ICS CERT", "id": "ICSA-23-348-10", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36227", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168991", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-384985" }, { "db": "VULMON", "id": "CVE-2020-36227" }, { "db": "JVNDB", "id": "JVNDB-2020-015570" }, { "db": "PACKETSTORM", "id": "162820" }, { "db": "PACKETSTORM", "id": "162821" }, { "db": "PACKETSTORM", "id": "162826" }, { "db": "PACKETSTORM", "id": "161318" }, { "db": "PACKETSTORM", "id": "168991" }, { "db": "NVD", "id": "CVE-2020-36227" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-2289" } ] }, "id": "VAR-202101-1246", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-384985" } ], "trust": 0.01 }, "last_update_date": "2023-12-26T22:25:44.649000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT212531", "trust": 0.8, "url": "https://www.debian.org/security/2021/dsa-4845" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-36227 log" }, { "title": "Debian Security Advisories: DSA-4845-1 openldap -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bcfc870108e33a879122af52d7b9ebb2" }, { "title": "Amazon Linux AMI: ALAS-2023-1741", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2023-1741" }, { "title": "Amazon Linux 2: ALAS2-2023-2033", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2023-2033" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36227" }, { "db": "JVNDB", "id": "JVNDB-2020-015570" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-835", "trust": 1.1 }, { "problemtype": "infinite loop (CWE-835) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-384985" }, { "db": "JVNDB", "id": "JVNDB-2020-015570" }, { "db": "NVD", "id": "CVE-2020-36227" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://www.debian.org/security/2021/dsa-4845" }, { "trust": 1.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36227" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210226-0002/" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht212529" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht212530" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht212531" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2021/may/70" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2021/may/65" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2021/may/64" }, { "trust": 1.8, "url": "https://bugs.openldap.org/show_bug.cgi?id=9428" }, { "trust": 1.8, "url": "https://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5" }, { "trust": 1.8, "url": "https://git.openldap.org/openldap/openldap/-/tags/openldap_rel_eng_2_4_57" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0828" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162820/apple-security-advisory-2021-05-25-4.html" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212529" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052502" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1305" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0788" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212531" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0429" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1794" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021092209" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161318/ubuntu-security-notice-usn-4724-1.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122914" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36228" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36221" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36225" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36229" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36223" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36222" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36226" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36224" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36230" }, { "trust": 0.3, "url": "https://support.apple.com/downloads/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30669" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30676" }, { "trust": 0.3, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30679" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30678" }, { "trust": 0.3, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30681" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30683" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30684" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1884" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30671" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30685" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30673" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30693" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30687" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30691" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30692" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1883" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/835.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://security.archlinux.org/cve-2020-36227" }, { "trust": 0.1, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10" }, { "trust": 0.1, "url": "https://support.apple.com/ht212530." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30695" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30697" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30694" }, { "trust": 0.1, "url": "https://support.apple.com/ht212531." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30690" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30677" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30680" }, { "trust": 0.1, "url": "https://support.apple.com/ht212529." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30668" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4724-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.6" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openldap/2.4.53+dfsg-1ubuntu1.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.12" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/openldap" } ], "sources": [ { "db": "VULHUB", "id": "VHN-384985" }, { "db": "VULMON", "id": "CVE-2020-36227" }, { "db": "JVNDB", "id": "JVNDB-2020-015570" }, { "db": "PACKETSTORM", "id": "162820" }, { "db": "PACKETSTORM", "id": "162821" }, { "db": "PACKETSTORM", "id": "162826" }, { "db": "PACKETSTORM", "id": "161318" }, { "db": "PACKETSTORM", "id": "168991" }, { "db": "NVD", "id": "CVE-2020-36227" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-2289" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-384985" }, { "db": "VULMON", "id": "CVE-2020-36227" }, { "db": "JVNDB", "id": "JVNDB-2020-015570" }, { "db": "PACKETSTORM", "id": "162820" }, { "db": "PACKETSTORM", "id": "162821" }, { "db": "PACKETSTORM", "id": "162826" }, { "db": "PACKETSTORM", "id": "161318" }, { "db": "PACKETSTORM", "id": "168991" }, { "db": "NVD", "id": "CVE-2020-36227" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-2289" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-26T00:00:00", "db": "VULHUB", "id": "VHN-384985" }, { "date": "2021-01-26T00:00:00", "db": "VULMON", "id": "CVE-2020-36227" }, { "date": "2021-10-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015570" }, { "date": "2021-05-26T17:46:02", "db": "PACKETSTORM", "id": "162820" }, { "date": "2021-05-26T17:46:16", "db": "PACKETSTORM", "id": "162821" }, { "date": "2021-05-26T17:50:31", "db": "PACKETSTORM", "id": "162826" }, { "date": "2021-02-08T16:27:22", "db": "PACKETSTORM", "id": "161318" }, { "date": "2021-02-28T20:12:00", "db": "PACKETSTORM", "id": "168991" }, { "date": "2021-01-26T18:15:57.160000", "db": "NVD", "id": "CVE-2020-36227" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2289" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-13T00:00:00", "db": "VULHUB", "id": "VHN-384985" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-36227" }, { "date": "2021-10-05T08:22:00", "db": "JVNDB", "id": "JVNDB-2020-015570" }, { "date": "2023-11-07T03:22:07.687000", "db": "NVD", "id": "CVE-2020-36227" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-12-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-2289" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "161318" }, { "db": "PACKETSTORM", "id": "168991" }, { "db": "CNNVD", "id": "CNNVD-202101-2289" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenLDAP\u00a0 Infinite loop vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015570" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-2289" } ], "trust": 1.2 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.