Bug 1930272

Summary: CVE-2020-35518 redhat-ds:11/389-ds-base: information disclosure during the binding of a DN [directory_server_11]
Product: Red Hat Directory Server Reporter: sgouvern
Component: 389-ds-baseAssignee: LDAP Maintainers <ldap-maint>
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: medium Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: medium    
Version: 11.2CC: bsmejkal, cbuissar, ds-qe-bugs, ldap-maint, mreynolds, sgouvern, tbordaz, tkubota, tscherf
Target Milestone: DS11.2Keywords: Security, SecurityTracking, TestCaseProvided, Triaged, ZStream
Target Release: dirsrv-11.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: sync-to-jira
Fixed In Version: redhat-ds-11-8030020210311231232.0b92cc7b Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1904991 Environment:
Last Closed: 2021-04-19 09:54:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1904991, 1931182    
Bug Blocks: 1905565, 1923217    
Deadline: 2021-12-07   

Comment 3 bsmejkal 2021-03-17 07:43:06 UTC 
============================================================================================================ test session starts =============================================================================================================
platform linux -- Python 3.6.8, pytest-6.2.2, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3.6
cachedir: .pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-240.8.1.el8_3.x86_64-x86_64-with-redhat-8.3-Ootpa', 'Packages': {'pytest': '6.2.2', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.11.0', 'html': '3.1.1', 'libfaketime': '0.1.2'}}
389-ds-base: 1.4.3.21-2.module+el8dsrv+10309+dd9f990e
nss: 3.53.1-11.el8_2
nspr: 4.25.0-2.el8_2
openldap: 2.4.46-15.el8
cyrus-sasl: 2.1.27-5.el8
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests, configfile: pytest.ini
plugins: metadata-1.11.0, html-3.1.1, libfaketime-0.1.2
collected 2 items                                                                                                                                                                                                                            

dirsrvtests/tests/suites/basic/basic_test.py::test_bind_entry_missing_passwd PASSED                                                                                                                                                    [ 50%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_invalid_entry PASSED                                                                                                                                                           [100%]

============================================================================================================ 2 passed in 15.12s =============================================================================================================

Marking as VERIFIED.
Comment 5 errata-xmlrpc 2021-04-19 09:54:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: redhat-ds:11 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1243