CVE-2020-35518

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "vendor_product": "redhat:directory_server",
            "extracted_events": [
                {
                    "last_affected": "11.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:redhat:directory_server:11.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                },
                {
                    "last_affected": "8.0"
                }
            ],
            "vendor_product": "redhat:enterprise_linux",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
            ]
        }
    ]
}

References

Affected packages

Git / github.com/389ds/389-ds-base

Affected ranges

Type

GIT

Repo

https://github.com/389ds/389-ds-base

Events

Introduced

Fixed

bef0b5bed0f6f32557a862debf25c5dc9d001256

Introduced

5fc54f4343fca0511f24af29915365a1988a841d

Fixed

6841d693fcec1636cc3ba7a9be58b4e1b276400a

Introduced

cdaa81c5085c3188a5a8e19561cede093a3dd3fd

Fixed

a355b30b213432b7e53035f46ec70c502aadfb36

Fixed

b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32

Fixed

cc0f69283abc082488824702dae485b8eae938bc

Database specific

{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:o:redhat:389_directory_server:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.3.19"
        },
        {
            "introduced": "1.4.4.0"
        },
        {
            "fixed": "1.4.4.13"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.3"
        }
    ]
}

Affected versions

389-ds-base-1.*

389-ds-base-1.2.10.a1

389-ds-base-1.2.10.a2

389-ds-base-1.2.10.a3

389-ds-base-1.2.10.a4

389-ds-base-1.2.10.a5

389-ds-base-1.2.10.a6

389-ds-base-1.2.10.a7

389-ds-base-1.2.10.a8

389-ds-base-1.2.10.rc1

389-ds-base-1.2.11.a1

389-ds-base-1.2.3

389-ds-base-1.2.4

389-ds-base-1.2.5.a1

389-ds-base-1.2.5.rc1

389-ds-base-1.2.5.rc2

389-ds-base-1.2.5.rc3

389-ds-base-1.2.5.rc4

389-ds-base-1.2.6.a1

389-ds-base-1.2.6.a2

389-ds-base-1.2.6.a3

389-ds-base-1.2.6.a4

389-ds-base-1.2.6.rc1

389-ds-base-1.2.6.rc2

389-ds-base-1.2.6.rc3

389-ds-base-1.2.7

389-ds-base-1.2.7.1

389-ds-base-1.2.7.2

389-ds-base-1.2.7.3

389-ds-base-1.2.7.4

389-ds-base-1.2.7.a1

389-ds-base-1.2.7.a2

389-ds-base-1.2.7.a3

389-ds-base-1.2.7.a4

389-ds-base-1.2.7.a5

389-ds-base-1.2.8.a1

389-ds-base-1.2.8.a2

389-ds-base-1.2.9.0

389-ds-base-1.2.9.1

389-ds-base-1.2.9.2

389-ds-base-1.2.9.3

389-ds-base-1.2.9.4

389-ds-base-1.2.9.5

389-ds-base-1.2.9.a1

389-ds-base-1.2.9.a2

389-ds-base-1.3.0.a1

389-ds-base-1.3.0.rc1

389-ds-base-1.3.5.0

389-ds-base-1.3.5.1

389-ds-base-1.3.5.10

389-ds-base-1.3.5.11

389-ds-base-1.3.5.12

389-ds-base-1.3.5.13

389-ds-base-1.3.5.2

389-ds-base-1.3.5.3

389-ds-base-1.3.5.4

389-ds-base-1.3.5.5

389-ds-base-1.3.5.6

389-ds-base-1.3.5.7

389-ds-base-1.3.5.8

389-ds-base-1.3.5.9

389-ds-base-1.3.6.0

389-ds-base-1.3.6.1

389-ds-base-1.3.6.2

389-ds-base-1.3.6.3

389-ds-base-1.3.6.4

389-ds-base-1.3.7.0

389-ds-base-1.3.7.2

389-ds-base-1.3.7.3

389-ds-base-1.3.7.4

389-ds-base-1.4.0.0

389-ds-base-1.4.0.1

389-ds-base-1.4.0.10

389-ds-base-1.4.0.11

389-ds-base-1.4.0.12

389-ds-base-1.4.0.13

389-ds-base-1.4.0.14

389-ds-base-1.4.0.15

389-ds-base-1.4.0.16

389-ds-base-1.4.0.17

389-ds-base-1.4.0.18

389-ds-base-1.4.0.19

389-ds-base-1.4.0.2

389-ds-base-1.4.0.20

389-ds-base-1.4.0.3

389-ds-base-1.4.0.4

389-ds-base-1.4.0.5

389-ds-base-1.4.0.6

389-ds-base-1.4.0.7

389-ds-base-1.4.0.8

389-ds-base-1.4.0.9

389-ds-base-1.4.1.0

389-ds-base-1.4.1.1

389-ds-base-1.4.1.2

389-ds-base-1.4.1.3

389-ds-base-1.4.1.4

389-ds-base-1.4.1.5

389-ds-base-1.4.1.6

389-ds-base-1.4.2.1

389-ds-base-1.4.2.2

389-ds-base-1.4.2.3

389-ds-base-1.4.2.4

389-ds-base-1.4.2.5

389-ds-base-1.4.3.1

389-ds-base-1.4.3.10

389-ds-base-1.4.3.11

389-ds-base-1.4.3.12

389-ds-base-1.4.3.13

389-ds-base-1.4.3.14

389-ds-base-1.4.3.15

389-ds-base-1.4.3.16

389-ds-base-1.4.3.17

389-ds-base-1.4.3.18

389-ds-base-1.4.3.2

389-ds-base-1.4.3.3

389-ds-base-1.4.3.4

389-ds-base-1.4.3.5

389-ds-base-1.4.3.6

389-ds-base-1.4.3.7

389-ds-base-1.4.3.8

389-ds-base-1.4.3.9

389-ds-base-1.4.4.0

389-ds-base-1.4.4.1

389-ds-base-1.4.4.10

389-ds-base-1.4.4.11

389-ds-base-1.4.4.12

389-ds-base-1.4.4.2

389-ds-base-1.4.4.3

389-ds-base-1.4.4.4

389-ds-base-1.4.4.5

389-ds-base-1.4.4.7

389-ds-base-1.4.4.8

389-ds-base-1.4.4.9

389-ds-base-2.*

389-ds-base-2.0.0

389-ds-base-2.0.0.0

389-ds-base-2.0.1

389-ds-base-2.0.2

Other

Directory_Server_8_1_Candidate_20090324

FedoraDirSvr10

FedoraDirSvr110a1

FedoraDirSvr110a2

FedoraDirSvr110a3

FedoraDirSvr110a3_20070320

FedoraDirSvr110a4

FedoraDirSvr110a4_20070720

FedoraDirSvr110b1

FedoraDirSvr110b1_20070813

FedoraDirSvr110b1_20070816

FedoraDirSvr110b2

FedoraDirSvr110b2_20071107

FedoraDirSvr111

FedoraDirSvr111_20080530

FedoraDirSvr_1_1_2

FedoraDirSvr_1_1_2_20080904

FedoraDirSvr_1_1_2_RC

FedoraDirSvr_1_1_2_RC2

FedoraDirSvr_1_1_2_RC_20080828

FedoraDirSvr_1_1_3_20080923

FedoraDirSvr_20051103_RTC

before-merge-nunc-stans

ldapserver7x

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35518.json"