CVE-2020-35518: Infoleak
First published: Tue Dec 08 2020(Updated: )
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/389-ds-base | <2.0.3 | 2.0.3 |
| redhat/389-ds-base | <1.4.4.13 | 1.4.4.13 |
| redhat/389-ds-base | <1.4.3.19 | 1.4.3.19 |
| Redhat 389 Directory Server | <1.4.3.19 | |
| Redhat 389 Directory Server | >=1.4.4.0<1.4.4.13 | |
| Redhat 389 Directory Server | >=2.0.0<2.0.3 | |
| Redhat Directory Server | =11.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1905565
- https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32
- https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc
- https://github.com/389ds/389-ds-base/issues/4480
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1908653
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1905565#c12
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1905565#c13
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1905565#c15
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1904991#c12
- https://access.redhat.com/errata/RHSA-2021:0599
- https://access.redhat.com/errata/RHSA-2021:1086
- https://access.redhat.com/security/cve/cve-2020-35518
- https://access.redhat.com/errata/RHSA-2021:1243
- https://access.redhat.com/errata/RHSA-2021:1258
- https://access.redhat.com/errata/RHSA-2021:2323
Frequently Asked Questions
What is CVE-2020-35518?
CVE-2020-35518 is a vulnerability in 389-ds-base that allows an unauthenticated attacker to check the existence of an entry in the LDAP database.
What is the severity of CVE-2020-35518?
CVE-2020-35518 has a severity score of 5.3, which is considered medium.
Which software versions are affected by CVE-2020-35518?
CVE-2020-35518 affects 389-ds-base versions 1.4.3.19 up to, but not including, 2.0.3.
How can an unauthenticated attacker exploit CVE-2020-35518?
An unauthenticated attacker can exploit CVE-2020-35518 by binding against a DN during authentication and observing the different replies from 389-ds-base to determine the existence of an entry in the LDAP database.
Where can I find more information about CVE-2020-35518?
You can find more information about CVE-2020-35518 at the following references: [Link 1](https://bugzilla.redhat.com/show_bug.cgi?id=1905565), [Link 2](https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32), [Link 3](https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-35518
- agent/software-canonical-lookup
- vendor/redhat
- canonical/redhat 389 directory server
- version/redhat 389 directory server/1.4.4.0
- version/redhat 389 directory server/2.0.0
- canonical/redhat directory server
- version/redhat directory server/11.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- package-manager/redhat