1923217 – CVE-2020-35518 RHDS: information disclosure during the binding of a DN

Bug 1923217 - CVE-2020-35518 RHDS: information disclosure during the binding of a DN

Summary: CVE-2020-35518 RHDS: information disclosure during the binding of a DN

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Deadline:	2021-12-07
Product:	Red Hat Directory Server
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	11.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	mreynolds
QA Contact:	RHDS QE
Docs Contact:	Marc Muehlfeld
URL:
Whiteboard:	sync-to-jira
Depends On:	1904991 1930272 1931182
Blocks:	CVE-2020-35518
TreeView+	depends on / blocked

Reported:	2021-02-01 15:14 UTC by mreynolds
Modified:	2021-04-06 14:34 UTC (History)
CC List:	7 users (show)
Fixed In Version:	redhat-ds-11-8020020210129202022-51c5a973
Doc Type:	No Doc Update
Doc Text:
Clone Of:	1904991
Environment:
Last Closed:	2021-02-16 18:30:27 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:0599	0	None	None	None	2021-02-16 18:30:46 UTC

Comment 3 sgouvern 2021-02-09 14:34:12 UTC

with 389-ds-base-1.4.2.12-4.module+el8dsrv+9724+324d713e.x86_64


# py.test -s -v dirsrvtests/tests/suites/basic/basic_test.py::test_bind_invalid_entry
re-exec with libfaketime dependencies
========================================================================= test session starts ==========================================================================
platform linux -- Python 3.6.8, pytest-6.2.2, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3.6
cachedir: .pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-193.el8.x86_64-x86_64-with-redhat-8.2-Ootpa', 'Packages': {'pytest': '6.2.2', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.11.0', 'html': '3.1.1', 'libfaketime': '0.1.2'}}
389-ds-base: 1.4.2.12-4.module+el8dsrv+9724+324d713e
nss: 3.44.0-15.el8
nspr: 4.21.0-2.el8_0
openldap: 2.4.46-11.el8
cyrus-sasl: 2.1.27-1.el8
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests, configfile: pytest.ini
plugins: metadata-1.11.0, html-3.1.1, libfaketime-0.1.2
collected 1 item                                                                                                                                                       

dirsrvtests/tests/suites/basic/basic_test.py::test_bind_invalid_entry

INFO:dirsrvtests.tests.suites.basic.basic_test:test_bind_invalid_entry: PASSED

=================================================================== 1 passed, 16 warnings in 16.48s ====================================================================

Marking as verified

Comment 6 errata-xmlrpc 2021-02-16 18:30:27 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: redhat-ds:11 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0599

Note You need to log in before you can comment on or make changes to this bug.