389-ds-base

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description 389 Directory Server (base)
Version 2.0.10-3 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2206 2.0.3-2 2.0.7-1 Medium Fixed
AVG-1482 1.4.4.4-5 2.0.2-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-3652 AVG-2206 Medium Yes Authentication bypass
In 389-ds-base before version 2.0.7, it was found that if an asterisk is imported as a password hash, either accidentally or maliciously, then instead of...
CVE-2021-3514 AVG-2206 Low Yes Denial of service
A security issue was found in 389-ds-base before version 2.0.5. When using a sync_repl client, an authenticated attacker can cause a NULL pointer...
CVE-2020-35518 AVG-1482 Medium Yes Information disclosure
A security issue was found in 389-ds-base starting from version 1.4.2.3. When binding against a DN during authentication, the reply from 389-ds-base will be...

Advisories

Date Advisory Group Severity Type
27 Jul 2021 ASA-202107-72 AVG-2206 Medium multiple issues