python-ldap Escape Filter Characters Sanitization Bypass Vulnerability
Vulnerability
A vulnerability exists in the python-ldap library, specifically in versions prior to 3.4.5, within the method 'ldap.filter.escape_filter_chars'. This method can be manipulated to bypass proper escaping of special characters when a crafted list or dictionary is provided as the 'assertion_value' parameter, and the non-default 'escape_mode=1' is set. The issue arises because 'escape_mode=0' (default) and 'escape_mode=2' raise exceptions when given a list or dictionary, while 'escape_mode=1' processes the input without adequate validation, potentially allowing LDAP injection attacks that could access or alter restricted LDAP data.
Impact
Exploitation of this vulnerability could lead to LDAP injection attacks, allowing an attacker to access or manipulate LDAP data that should be off-limits.
Reproduction
The vulnerability can be reproduced by calling the 'ldap.filter.escape_filter_chars' method with a list or dictionary as the 'assertion_value' parameter and setting 'escape_mode' to 1. This combination will result in the method skipping proper escaping of special characters, creating a potential injection vector.
Remediation
Users can upgrade to python-ldap version 3.4.5 or later, where this vulnerability has been fixed by enforcing a string input requirement in the 'escape_filter_chars' method when 'escape_mode=1' is used.
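Where an upgrade to 3.4.5 cannot be rolled out immediately, the same string-only requirement can be enforced at the call site. The following is an added example, not python-ldap's own code: 'safe_filter_value' and 'build_uid_filter' are hypothetical names, and the escaping follows RFC 4515 directly so the block runs without the library installed.

```python
# Added example: a strict, string-only LDAP filter value escaper.
# Not python-ldap code; all function names here are hypothetical.

# RFC 4515 section 3: these characters must appear as \XX in assertion values.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def safe_filter_value(assertion_value):
    """Escape one LDAP filter assertion value, accepting only str."""
    # Reject lists, dicts, bytes and None before any character-level work,
    # so a container can never be iterated as if it were a string.
    if not isinstance(assertion_value, str):
        raise TypeError(
            "assertion_value must be str, got %s" % type(assertion_value).__name__
        )
    return "".join(_ESCAPES.get(ch, ch) for ch in assertion_value)


def build_uid_filter(uid):
    """Build a (uid=...) filter from untrusted input."""
    return "(uid=%s)" % safe_filter_value(uid)


def demo():
    # Constructed inputs, shaped like values decoded from a JSON request body.
    samples = ["alice", "a*)(objectClass=*", ["alice"], {"uid": "alice"}]
    results = []
    for value in samples:
        try:
            results.append(build_uid_filter(value))
        except TypeError as exc:
            results.append("rejected: %s" % exc)
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Strings are escaped and embedded in the filter; the list and dictionary inputs are rejected with a TypeError instead of reaching the filter builder.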
