Vulnerability CVE-2020-35518

Vulnerability Name:

CVE-2020-35518 (CCN-198871)

Assigned:

2020-12-07

Published:

2020-12-07

Updated:

2022-08-05

Summary:

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-203
CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-35518

Source: CCN
Type: Red Hat Bugzilla - Bug 1905565
(CVE-2020-35518) - CVE-2020-35518 389-ds-base: information disclosure during the binding of a DN

Source: MISC
Type: Issue Tracking, Patch, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1905565

Source: XF
Type: UNKNOWN
389ds-cve202035518-info-disc(198871)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc

Source: CCN
Type: 389-ds-base GIT Repository
Unexpected info returned to ldap request #4480

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/389ds/389-ds-base/issues/4480

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-35518

Vulnerable Configuration:

Configuration 1:

cpe:/o:redhat:389_directory_server:*:*:*:*:*:*:*:* (Version >= 2.0.0 and < 2.0.3)

OR cpe:/o:redhat:389_directory_server:*:*:*:*:*:*:*:* (Version >= 1.4.4.0 and < 1.4.4.13)

OR cpe:/o:redhat:389_directory_server:*:*:*:*:*:*:*:* (Version < 1.4.3.19)

Configuration 2:

cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:directory_server:11.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/o:redhat:389_directory_server:1.4.2.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8021	P	jackson-dataformat-cbor-2.13.0-150200.3.3.3 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:102227	P	Security update for openssh (Important)	2021-12-22
oval:com.redhat.rhsa:def:20212323	P	RHSA-2021:2323: 389-ds-base security and bug fix update (Moderate)	2021-06-08
oval:com.redhat.rhsa:def:20211086	P	RHSA-2021:1086: 389-ds:1.4 security and bug fix update (Moderate)	2021-04-06
oval:org.opensuse.security:def:111269	P	Security update for 389-ds (Moderate)	2021-03-16
oval:org.opensuse.security:def:102792	P	Security update for 389-ds (Moderate)	2021-03-08
oval:org.opensuse.security:def:95514	P	Security update for 389-ds (Moderate)	2021-03-08
oval:org.opensuse.security:def:108893	P	Security update for 389-ds (Moderate)	2021-03-08
oval:org.opensuse.security:def:118554	P	Security update for 389-ds (Moderate)	2021-03-08
oval:org.opensuse.security:def:76123	P	Security update for 389-ds (Moderate)	2021-03-08
oval:org.opensuse.security:def:96102	P	Security update for 389-ds (Moderate)	2021-03-08
oval:org.opensuse.security:def:109458	P	Security update for 389-ds (Moderate)	2021-03-08
oval:org.opensuse.security:def:67055	P	Security update for 389-ds (Moderate)	2021-03-08
oval:org.opensuse.security:def:97272	P	Security update for 389-ds (Moderate)	2021-03-08
oval:org.opensuse.security:def:5966	P	Security update for 389-ds (Moderate)	2021-03-08
oval:org.opensuse.security:def:69110	P	Security update for 389-ds (Moderate)	2021-03-08

BACK