Oval Definition:oval:org.opensuse.security:def:202035518
Revision Date:2022-09-02Version:1
Title:CVE-2020-35518
Description:

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2020-35518
SUSE CVE-2020-35518
SUSE-CU-2021:178-1
SUSE-SU-2021:0724-1
openSUSE-SU-2021:0418-1
Platform(s):openSUSE Leap 15.2
openSUSE Leap 15.3 SLE Imports
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Server Applications 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.3 SLE Imports is installed
  • AND Package Information
  • 389-ds-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
  • AND 389-ds is signed with openSUSE key
  • OR
  • 389-ds-devel-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
  • AND 389-ds-devel is signed with openSUSE key
  • OR
  • 389-ds-snmp-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
  • AND 389-ds-snmp is signed with openSUSE key
  • OR
  • lib389-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
  • AND lib389 is signed with openSUSE key
  • OR
  • libsvrcore0-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
  • AND libsvrcore0 is signed with openSUSE key
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
  • AND Package Information
  • 389-ds-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
  • OR 389-ds-devel-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
  • OR lib389-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
  • OR libsvrcore0-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • 389-ds-1.4.3.19~git0.bef0b5bed-lp152.2.12.1 is installed
  • AND 389-ds is signed with openSUSE key
  • OR
  • 389-ds-devel-1.4.3.19~git0.bef0b5bed-lp152.2.12.1 is installed
  • AND 389-ds-devel is signed with openSUSE key
  • OR
  • 389-ds-snmp-1.4.3.19~git0.bef0b5bed-lp152.2.12.1 is installed
  • AND 389-ds-snmp is signed with openSUSE key
  • OR
  • lib389-1.4.3.19~git0.bef0b5bed-lp152.2.12.1 is installed
  • AND lib389 is signed with openSUSE key
  • OR
  • libsvrcore0-1.4.3.19~git0.bef0b5bed-lp152.2.12.1 is installed
  • AND libsvrcore0 is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP2 is installed
  • OR SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
  • OR SUSE Linux Enterprise Server 15 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • OR SUSE Linux Enterprise Storage 7 is installed
  • OR SUSE Manager Proxy 4.1 is installed
  • OR SUSE Manager Retail Branch Server 4.1 is installed
  • OR SUSE Manager Server 4.1 is installed
  • AND Package Information
  • 389-ds-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
  • OR 389-ds-devel-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
  • OR lib389-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
  • OR libsvrcore0-1.4.3.19~git0.bef0b5bed-3.12.1 is installed
    • BACK