cnvd - cnvd-2020-03178

cnvd-2020-03178

Vulnerability from cnvd

Title: Red Hat 389 Directory Server信息泄露漏洞（CNVD-2020-03178）

Description:

Red Hat 389 Directory Server是一款企业级的Linux目录服务器。

Red Hat 389 Directory Server verbose模式存在安全漏洞，远程攻击者可以利用漏洞提交特殊的请求，可获取敏感信息。

Severity: 低

Patch Name: Red Hat 389 Directory Server信息泄露漏洞（CNVD-2020-03178）的补丁

Patch Description:

Red Hat 389 Directory Server是一款企业级的Linux目录服务器。

Red Hat 389 Directory Server verbose模式存在安全漏洞，远程攻击者可以利用漏洞提交特殊的请求，可获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布相关漏洞补丁链接，请及时更新： https://access.redhat.com/errata/RHSA-2019:3401

Reference: https://access.redhat.com/errata/RHSA-2019:3401

Impacted products

Name
Red Hat 389 Directory Server >=1.4.0.0，<1.4.1.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10224",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-10224"
    }
  },
  "description": "Red Hat 389 Directory Server\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u7684Linux\u76ee\u5f55\u670d\u52a1\u5668\u3002\n\nRed Hat 389 Directory Server verbose\u6a21\u5f0f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://access.redhat.com/errata/RHSA-2019:3401",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03178",
  "openTime": "2020-01-21",
  "patchDescription": "Red Hat 389 Directory Server\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u7684Linux\u76ee\u5f55\u670d\u52a1\u5668\u3002\r\n\r\nRed Hat 389 Directory Server verbose\u6a21\u5f0f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Red Hat 389 Directory Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-03178\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Red Hat 389 Directory Server \u003e=1.4.0.0\uff0c\u003c1.4.1.3"
  },
  "referenceLink": "https://access.redhat.com/errata/RHSA-2019:3401",
  "serverity": "\u4f4e",
  "submitTime": "2019-11-14",
  "title": "Red Hat 389 Directory Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-03178\uff09"
}

CVE-2019-10224 (GCVE-0-2019-10224)

Vulnerability from cvelistv5

Published

2019-11-25 00:00

Modified

2024-08-04 22:17

Severity ?

4.3 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

CWE-522

Summary

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

References

▼	URL	Tags
	https://pagure.io/389-ds-base/issue/50251
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224
	https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html	mailing-list

Impacted products

	Vendor	Product	Version
	Red Hat	389-ds-base	Version: 389-ds-base 1.4.x.x before 1.4.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:17:18.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pagure.io/389-ds-base/issue/50251"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224"
          },
          {
            "name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "389-ds-base",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "389-ds-base 1.4.x.x before 1.4.1.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-24T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://pagure.io/389-ds-base/issue/50251"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224"
        },
        {
          "name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10224",
    "datePublished": "2019-11-25T00:00:00",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:17:18.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted