rpm package
suse/389-ds&distro=SUSE Linux Enterprise Module for Server Applications 15 SP2
pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3652 | — | | | < 1.4.3.24~git13.7b705e743-3.19.1 | 1.4.3.24~git13.7b705e743-3.19.1 | Apr 18, 2022 | A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whos |
| CVE-2021-3514 | — | | | < 1.4.3.23~git0.f53d0132b-3.15.1 | 1.4.3.23~git0.f53d0132b-3.15.1 | May 28, 2021 | When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. |
| CVE-2020-35518 | — | | | < 1.4.3.19~git0.bef0b5bed-3.12.1 | 1.4.3.19~git0.bef0b5bed-3.12.1 | Mar 26, 2021 | When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. |