1930272 – CVE-2020-35518 redhat-ds:11/389-ds-base: information disclosure during the binding of a DN [directory_server_11]

Bug 1930272 - CVE-2020-35518 redhat-ds:11/389-ds-base: information disclosure during the binding of a DN [directory_server_11]

Summary: CVE-2020-35518 redhat-ds:11/389-ds-base: information disclosure during the bi...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Deadline:	2021-12-07
Product:	Red Hat Directory Server
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	11.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	DS11.2
Target Release:	dirsrv-11.2
Assignee:	LDAP Maintainers
QA Contact:	RHDS QE
Docs Contact:	Marc Muehlfeld
URL:
Whiteboard:	sync-to-jira
Depends On:	1904991 1931182
Blocks:	CVE-2020-35518 1923217
TreeView+	depends on / blocked

Reported:	2021-02-18 15:58 UTC by sgouvern
Modified:	2021-05-05 18:41 UTC (History)
CC List:	9 users (show)
Fixed In Version:	redhat-ds-11-8030020210311231232.0b92cc7b
Doc Type:	No Doc Update
Doc Text:
Clone Of:	1904991
Environment:
Last Closed:	2021-04-19 09:54:31 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:1243	0	None	None	None	2021-04-19 09:55:08 UTC

Comment 3 bsmejkal 2021-03-17 07:43:06 UTC

============================================================================================================ test session starts =============================================================================================================
platform linux -- Python 3.6.8, pytest-6.2.2, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3.6
cachedir: .pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-240.8.1.el8_3.x86_64-x86_64-with-redhat-8.3-Ootpa', 'Packages': {'pytest': '6.2.2', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.11.0', 'html': '3.1.1', 'libfaketime': '0.1.2'}}
389-ds-base: 1.4.3.21-2.module+el8dsrv+10309+dd9f990e
nss: 3.53.1-11.el8_2
nspr: 4.25.0-2.el8_2
openldap: 2.4.46-15.el8
cyrus-sasl: 2.1.27-5.el8
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests, configfile: pytest.ini
plugins: metadata-1.11.0, html-3.1.1, libfaketime-0.1.2
collected 2 items                                                                                                                                                                                                                            

dirsrvtests/tests/suites/basic/basic_test.py::test_bind_entry_missing_passwd PASSED                                                                                                                                                    [ 50%]
dirsrvtests/tests/suites/basic/basic_test.py::test_bind_invalid_entry PASSED                                                                                                                                                           [100%]

============================================================================================================ 2 passed in 15.12s =============================================================================================================

Marking as VERIFIED.

Comment 5 errata-xmlrpc 2021-04-19 09:54:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: redhat-ds:11 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1243

Note You need to log in before you can comment on or make changes to this bug.