CVE-2023-1055 – RHDS: LDAP browser tries to decode userPassword instead of userCertificate attribute
https://notcve.org/view.php?id=CVE-2023-1055
A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. A flaw was found in RHDS 11 and 12. • https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI https://access.redhat.com/security/cve/CVE-2023-1055 https://bugzilla.redhat.com/show_bug.cgi?id=2173517 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-295: Improper Certificate Validation •
CVE-2022-2850 – 389-ds-base: SIGSEGV in sync_repl
https://notcve.org/view.php?id=CVE-2022-2850
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. Se ha encontrado un fallo en 389-ds-base. • https://access.redhat.com/security/cve/CVE-2022-2850 https://bugzilla.redhat.com/show_bug.cgi?id=2118691 https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html • CWE-476: NULL Pointer Dereference •
CVE-2022-1949
https://notcve.org/view.php?id=CVE-2022-1949
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. Una vulnerabilidad de omisión de control de acceso encontrada en 389-ds-base. Ese manejo inapropiado del filtro que daría resultados incorrectos, pero a medida que ha avanzado, puede determinarse que en realidad es una omisión de control de acceso. • https://bugzilla.redhat.com/show_bug.cgi?id=2091781 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2022-0996 – 389-ds-base: expired password was still allowed to access the database
https://notcve.org/view.php?id=CVE-2022-0996
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. Se encontró una vulnerabilidad en 389 Directory Server que permite que las contraseñas caducadas accedan a la base de datos para causar una autenticación inapropiada A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication. • https://bugzilla.redhat.com/show_bug.cgi?id=2064769 https://github.com/ByteHackr/389-ds-base https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F https://access.redhat.com/security/cve/CVE-2022-0996 • CWE-287: Improper Authentication •
CVE-2021-3514 – 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()
https://notcve.org/view.php?id=CVE-2021-3514
When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. Cuando es usado un cliente sync_repl en 389-ds-base, un atacante autenticado puede causar una desreferencia del puntero NULL usando una consulta especialmente diseñada, causando un bloqueo A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is to system availability. • https://github.com/389ds/389-ds-base/issues/4711 https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html https://access.redhat.com/security/cve/CVE-2021-3514 https://bugzilla.redhat.com/show_bug.cgi?id=1952907 • CWE-476: NULL Pointer Dereference •