RLSA-2021:3079

Published: Aug 10, 2021
Source: rocky
Rating: Low

Description

Low: 389-ds:1.4 security and bug fix update

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

  • 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
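
The condition behind CVE-2021-3652 (an asterisk imported as a CRYPT password hash) can be checked for in an LDIF export before it is imported. The Python below is an added example, not code from this advisory or from the 389-ds project; it assumes passwords are stored in userPassword with a {CRYPT} scheme prefix, treats any asterisk after that prefix as suspect, and runs on a constructed sample LDIF.

```python
import base64
import re

# Constructed sample export (not from the advisory); all values are illustrative.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword: {CRYPT}$6$constructedsalt$constructedhash

dn: uid=bob,ou=people,dc=example,dc=com
userPassword: {CRYPT}*

dn: uid=carol,ou=people,dc=example,dc=com
userPassword:: e2NyeXB0fSo=

dn: uid=dave,ou=people,dc=example,dc=com
userPassword: {PBKDF2_SHA256}constructed*value
"""

# Assumption: crypt(3) output never contains '*', so any '*' after {CRYPT} is flagged.
CRYPT_VALUE = re.compile(r"^\{crypt\}(.*)$", re.IGNORECASE | re.DOTALL)

def unfold(ldif_text):
    """Join LDIF continuation lines (leading single space) to the previous line."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_asterisk_crypt(ldif_text):
    """Return (dn, value) for each userPassword whose CRYPT hash contains '*'."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        attr = attr.split(";")[0].lower()  # drop attribute options, ignore case
        if attr == "dn":
            dn = value
        elif attr == "userpassword":
            match = CRYPT_VALUE.match(value)
            if match and "*" in match.group(1):
                findings.append((dn, value))
    return findings
```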

Bug Fix(es):

  • A plugin can create an index. Even if the index can be used immediately (for searches) the index remains offline until further reindex (BZ#1983095)

  • On big endian machine, the server fails to identify the operation type (BZ#1980063)

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| 389-ds-base | x86_64 | 19.module+el8.4.0+636+837ee950 | 389-ds-base-1.4.3.16-19.module+el8.4.0+636+837ee950.x86_64.rpm |
| 389-ds-base-devel | x86_64 | 19.module+el8.4.0+636+837ee950 | 389-ds-base-devel-1.4.3.16-19.module+el8.4.0+636+837ee950.x86_64.rpm |
| 389-ds-base-legacy-tools | x86_64 | 19.module+el8.4.0+636+837ee950 | 389-ds-base-legacy-tools-1.4.3.16-19.module+el8.4.0+636+837ee950.x86_64.rpm |
| 389-ds-base-libs | x86_64 | 19.module+el8.4.0+636+837ee950 | 389-ds-base-libs-1.4.3.16-19.module+el8.4.0+636+837ee950.x86_64.rpm |
| 389-ds-base-snmp | x86_64 | 19.module+el8.4.0+636+837ee950 | 389-ds-base-snmp-1.4.3.16-19.module+el8.4.0+636+837ee950.x86_64.rpm |
| python3-lib389 | noarch | 19.module+el8.4.0+636+837ee950 | python3-lib389-1.4.3.16-19.module+el8.4.0+636+837ee950.noarch.rpm |

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 3 years ago

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.

CVSS3: 6.5
redhat
more than 4 years ago

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.

CVSS3: 6.5
nvd
more than 3 years ago

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.

CVSS3: 6.5
debian
more than 3 years ago

A flaw was found in 389-ds-base. If an asterisk is imported as passwor ...

suse-cvrf
more than 4 years ago

Security update for 389-ds