CVE-2019-1010283
Description
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: <=12.0.1-3
- Univention Corporate Server/univention-directory-notifier (v5) Range: 12.0.1-3 and earlier [fixed: 12.0.1-4 and later]
Vulnerability mechanics
Root cause
"The univention-directory-notifier component improperly handles the GET_DN command for protocol versions 3 and above."
Attack vector
An attacker with network connectivity can send a specially crafted GET_DN command to the univention-directory-notifier service. This command is processed by the data_on_connection function. The vulnerability exists when the client's protocol version is greater than 0 and less than 3, allowing for unintended information exposure.
Affected code
The vulnerability resides in the data_on_connection() function within the src/callback.c file. Specifically, the code block handling the 'GET_DN ' command is affected. The commit references a change in the condition `version > PROTOCOL_UNKNOWN && version < PROTOCOL_3` [ref_id=1].
What the fix does
The patch modifies the condition in the data_on_connection function to explicitly forbid the vulnerable GET_DN command when the protocol version is 3 or greater. This change ensures that the GET_DN command is only processed for versions prior to 3, preventing the intentional information exposure.
Preconditions
- network: Network connectivity to the affected service is required.
- input: The attacker must send a 'GET_DN ' command with a message ID and a client protocol version greater than 0 and less than 3.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- forge.univention.org/bugzilla/show_bug.cgi (mitre, x_refsource_MISC)
- github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34 (mitre, x_refsource_MISC)