CVE-2022-29155: In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd.
A remote attacker may leverage this vulnerability to perform SQL injection and may also obtain additional system privileges.
OpenLDAP is updated to 2.5.13 and 2.6.3 which address this issue. End-users should update to these releases.
Red Hat Enterprise Linux 6 and 7 are affected by a critical privilege escalation issue in the Samba LDAP server. A user with the “root” account may create a trusted smb:/ path into which they may place arbitrary SQL commands. This allows an attacker with network access to this vulnerable server to run commands with root privileges.
A patch has been released for Red Hat Enterprise Linux 6 and 7. End-users are encouraged to update to these releases.
Red Hat Enterprise Linux 5 and 6 are affected by a critical privilege escalation issue in the Samba LDAP server. A user with the “root” account may create a trusted smb:/ path into which they may place arbitrary SQL commands. This allows an attacker with network access to this vulnerable server to run commands with root privileges.
OpenLDAP is updated to 2.5.13 and 2.6.3 which address this issue, so you should upgrade your OpenLDAP installation too!
Important Information
A remote attacker may leverage this vulnerability to perform SQL injection and may also obtain additional system privileges. OpenLDAP is updated to 2.5.13 and 2.6.3 which address this issue. End-users should update to these releases.
Timeline
Published on: 05/04/2022 20:15:00 UTC
Last modified on: 06/09/2022 19:15:00 UTC