CVE-2022-29155: In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd.


A remote attacker may leverage this vulnerability to perform SQL injection and may also obtain additional system privileges.

OpenLDAP has been updated to 2.5.13 and 2.6.3, which address this issue. End users should update to these releases.

Red Hat Enterprise Linux 6 and 7 are affected by a critical privilege escalation issue in the Samba LDAP server. A user with the “root” account may create a trusted smb:/ path into which they may place arbitrary SQL commands. This allows an attacker with network access to this vulnerable server to run commands with root privileges.
A patch has been released for Red Hat Enterprise Linux 6 and 7. End-users are encouraged to update to these releases.

Red Hat Enterprise Linux 5 and 6 are affected by a critical privilege escalation issue in the Samba LDAP server. A user with the “root” account may create a trusted smb:/ path into which they may place arbitrary SQL commands. This allows an attacker with network access to this vulnerable server to run commands with root privileges. A patch has been released for Red Hat Enterprise Linux 6 and 7. End-users are encouraged to update to these releases.
OpenLDAP has been updated to 2.5.13 and 2.6.3, which address this issue, so you should upgrade your OpenLDAP installation too!

