389-ds-base
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | 389 Directory Server (base) |
| Version |
3.0.1-2 [extra-testing] 3.0.1-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2206 | 2.0.3-2 | 2.0.7-1 | Medium | Fixed | |
| AVG-1482 | 1.4.4.4-5 | 2.0.2-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3652 | AVG-2206 | Medium | Yes | Authentication bypass | In 389-ds-base before version 2.0.7, it was found that if an asterisk is imported as a password hash, either accidentally or maliciously, then instead of... |
| CVE-2021-3514 | AVG-2206 | Low | Yes | Denial of service | A security issue was found in 389-ds-base before version 2.0.5. When using a sync_repl client, an authenticated attacker can cause a NULL pointer... |
| CVE-2020-35518 | AVG-1482 | Medium | Yes | Information disclosure | A security issue was found in 389-ds-base starting from version 1.4.2.3. When binding against a DN during authentication, the reply from 389-ds-base will be... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 27 Jul 2021 | ASA-202107-72 | AVG-2206 | Medium | multiple issues |