Sign-up

ID

VAR-201911-1016


CVE

CVE-2019-14824


TITLE

389-ds-base Uses freed memory vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011844

DESCRIPTION

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. 389-ds-base Contains a vulnerability in the use of freed memory.Information may be obtained. Red Hat 389 Directory Server (formerly known as Fedora Directory Server) is an enterprise-class Linux directory server from Red Hat. The server fully supports the LDAPv3 specification and features scalable, multi-master replication. Deref is one of the deref plugins. The deref plugin in Red Hat 389 Directory Server has a permission check bypass vulnerability that an attacker can use to view private properties. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: 389-ds-base security and bug fix update Advisory ID: RHSA-2019:3981-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3981 Issue date: 2019-11-26 CVE Names: CVE-2019-14824 ==================================================================== 1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): * 389-ds-base: Read permission check bypass via the deref plugin (CVE-2019-14824) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * DB Deadlock on modrdn appears to corrupt database and entry cache (BZ#1749289) * After audit log file is rotated, DS version string is logged after each update (BZ#1754831) * Extremely slow LDIF import with ldif2db (BZ#1763622) * ns-slapd crash on concurrent SASL BINDs, connection_call_io_layer_callbacks must hold hold c_mutex (BZ#1763627) * CleanAllRUV task limit not enforced (BZ#1767622) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the 389 server service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1747448 - CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin 1749289 - DB Deadlock on modrdn appears to corrupt database and entry cache [rhel-7.7.z] 1754831 - After audit log file is rotated, DS version string is logged after each update [rhel-7.7.z] 1763622 - Extremely slow LDIF import with ldif2db [rhel-7.7.z] 1763627 - ns-slapd crash on concurrent SASL BINDs, connection_call_io_layer_callbacks must hold hold c_mutex [rhel-7.7.z] 1767622 - CleanAllRUV task limit not enforced [rhel-7.7.z] 6. 7): Source: 389-ds-base-1.3.9.1-12.el7_7.src.rpm ppc64: 389-ds-base-1.3.9.1-12.el7_7.ppc64.rpm 389-ds-base-debuginfo-1.3.9.1-12.el7_7.ppc64.rpm 389-ds-base-devel-1.3.9.1-12.el7_7.ppc64.rpm 389-ds-base-libs-1.3.9.1-12.el7_7.ppc64.rpm 389-ds-base-snmp-1.3.9.1-12.el7_7.ppc64.rpm ppc64le: 389-ds-base-debuginfo-1.3.9.1-12.el7_7.ppc64le.rpm 389-ds-base-devel-1.3.9.1-12.el7_7.ppc64le.rpm 389-ds-base-snmp-1.3.9.1-12.el7_7.ppc64le.rpm s390x: 389-ds-base-1.3.9.1-12.el7_7.s390x.rpm 389-ds-base-debuginfo-1.3.9.1-12.el7_7.s390x.rpm 389-ds-base-devel-1.3.9.1-12.el7_7.s390x.rpm 389-ds-base-libs-1.3.9.1-12.el7_7.s390x.rpm 389-ds-base-snmp-1.3.9.1-12.el7_7.s390x.rpm x86_64: 389-ds-base-debuginfo-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-devel-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-snmp-1.3.9.1-12.el7_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): x86_64: 389-ds-base-debuginfo-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-devel-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-snmp-1.3.9.1-12.el7_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14824 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXd0wD9zjgjWX9erEAQgHUg/+N9VdnQDmeRiQopeSvr69XIUMytjLbwk1 qzX1z2FUIjJCHOFrxGq43aellPmu2K+opzhvrcpSaOgxBIAHScPI6dVtkdpUp9hU ijFv8+W9SYKOWw7I1jujBvV9VC+bPcrtju2CMl381tEOqJEiWB1241OSCq5LFFE6 /EyyLW8cTONmY09mmPJozHMshAypKUcPuWICO3iWS+F057h5H6sDgNUCX/ohonnk H+x5by1atY2Q013Crbyr/bJ+Gdp3aaULLaAOKPgd+98DeSCSl+trbbkNwXtj56Tb HqKz2ECOH49VsEUjlxYGiNTV3XraRWWEcAKmlwGsyFQbU2A+T8hBBXhGMHhQv8+f OE/kOH7nE9mTXM2k2XTKn8uZvMDUKipM/A4tFwg3l47GELZ/HjF6I0pYF5fy1bUR HHzaYbL+Q2LZR2Zyka0x4vtqeY4fXyTrM7/8umN5yzdtwkPUpTArFj2ATPB3ZtKH tlfwpd+WA90xT0/34ToRXyMneSiE0siLLr0xRAHTfbX/OpXipT7amSLwhA9xtqNK CclPFA20ediujwvVxY3Wd+Ch/LC9uyeAJfp08FPZHbIorMKhSmGtVzWBIS3XtF+7 N5NOXZ5kZo8kmC+9kr0bTutifb5QY+IuLZyUdkQPoj9+oYVJOy612g8CPCSWzzO/ 8ANLdd053bc=rS+e -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8.0) - noarch, ppc64le, x86_64 3. Bugs fixed (https://bugzilla.redhat.com/): 1747448 - CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin 6. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. The following packages have been upgraded to a later upstream version: 389-ds-base (1.4.1.3). Bugs fixed (https://bugzilla.redhat.com/): 1591480 - CVE-2018-10871 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default 1654056 - /usr/lib/systemd/system/dirsrv@.service:40: .include directives are deprecated 1654059 - CVE-2019-10224 389-ds-base: using dscreate in verbose mode results in information disclosure [rhel-8] 1677147 - CVE-2019-10224 389-ds-base: using dscreate in verbose mode results in information disclosure 1678517 - ipa role-mod DatabaseError changing cn 1693612 - CVE-2019-3883 389-ds-base: DoS via hanging secured connections 1702024 - Cannot create Directory Server's instances using dscreate 1706224 - Protocol setting is inconsistent in FIPS mode 1712467 - Rebase 389-ds-base on RHEL 8.1 1715675 - Fix potential ipv6 issues 1717540 - Address covscan warnings 1720331 - Log the actual base DN when the search fails with "invalid attribute request". 1725815 - consistency in the replication error codes while setting nsds5replicaid=65535 1729069 - IPA upgrade fails for latest ipa package when setup in multi master mode 1739183 - CleanAllRUV task limit not enforced 1747448 - CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin 6

Trust: 2.43

sources: NVD: CVE-2019-14824 // JVNDB: JVNDB-2019-011844 // CNVD: CNVD-2019-40300 // PACKETSTORM: 155470 // PACKETSTORM: 156280 // PACKETSTORM: 155127

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-40300

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:fedoraprojectmodel:389 directory serverscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:7.0

Trust: 1.0

vendor:fedoramodel:389 directory serverscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope: - version: -

Trust: 0.8

vendor:redmodel:hat directory serverscope:eqversion:389

Trust: 0.6

sources: CNVD: CNVD-2019-40300 // JVNDB: JVNDB-2019-011844 // NVD: CVE-2019-14824

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14824
value: MEDIUM

Trust: 1.0

secalert@redhat.com: CVE-2019-14824
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-14824
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-40300
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-089
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-14824
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-40300
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

secalert@redhat.com: CVE-2019-14824
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-14824
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-40300 // JVNDB: JVNDB-2019-011844 // CNNVD: CNNVD-201911-089 // NVD: CVE-2019-14824 // NVD: CVE-2019-14824

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:CWE-416

Trust: 0.8

sources: JVNDB: JVNDB-2019-011844 // NVD: CVE-2019-14824

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-089

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201911-089

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011844

PATCH
title:Top Pageurl:https://directory.fedoraproject.org/
Trust: 0.8
title:Bug 1747448url:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-011844

EXTERNAL IDS
db:NVDid:CVE-2019-14824
Trust: 3.3
db:JVNDBid:JVNDB-2019-011844
Trust: 0.8
db:PACKETSTORMid:155470
Trust: 0.7
db:PACKETSTORMid:156280
Trust: 0.7
db:CNVDid:CNVD-2019-40300
Trust: 0.6
db:AUSCERTid:ESB-2020.0474
Trust: 0.6
db:AUSCERTid:ESB-2019.4108
Trust: 0.6
db:AUSCERTid:ESB-2019.4488
Trust: 0.6
db:AUSCERTid:ESB-2019.4521
Trust: 0.6
db:AUSCERTid:ESB-2023.2312
Trust: 0.6
db:CNNVDid:CNNVD-201911-089
Trust: 0.6
db:PACKETSTORMid:155127
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-40300 // 
            
            
            
            JVNDB: JVNDB-2019-011844 // 
            
            
            
            PACKETSTORM: 155470 // 
            
            
            
            PACKETSTORM: 156280 // 
            
            
            
            PACKETSTORM: 155127 // 
            
            
            
            CNNVD: CNNVD-201911-089 // 
            
            
            
            NVD: CVE-2019-14824

REFERENCES
url:https://access.redhat.com/errata/rhsa-2019:3981
Trust: 2.3
url:https://access.redhat.com/errata/rhsa-2020:0464
Trust: 2.3
url:https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html
Trust: 2.2
url:https://access.redhat.com/security/cve/cve-2019-14824
Trust: 2.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-14824
Trust: 1.7
url:https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html
Trust: 1.6
url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14824
Trust: 1.6
url:https://access.redhat.com/errata/rhsa-2019:3401
Trust: 1.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14824
Trust: 0.8
url:https://access.redhat.com/errata/rhsa-2019
Trust: 0.6
url:https://bugzilla.redhat.com/show_bug.cgi?id=1747448
Trust: 0.6
url:https://pagure.io/389-ds-base/issue/50716
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0474/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4108/
Trust: 0.6
url:https://packetstormsecurity.com/files/155470/red-hat-security-advisory-2019-3981-01.html
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2023.2312
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4488/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4521/
Trust: 0.6
url:https://vigilance.fr/vulnerability/389-directory-server-information-disclosure-via-deref-plugin-30987
Trust: 0.6
url:https://packetstormsecurity.com/files/156280/red-hat-security-advisory-2020-0464-01.html
Trust: 0.6
url:https://www.redhat.com/mailman/listinfo/rhsa-announce
Trust: 0.3
url:https://bugzilla.redhat.com/):
Trust: 0.3
url:https://access.redhat.com/security/team/key/
Trust: 0.3
url:https://access.redhat.com/articles/11258
Trust: 0.3
url:https://access.redhat.com/security/team/contact/
Trust: 0.3
url:https://access.redhat.com/security/updates/classification/#important
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-3883
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2019-10224
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-10224
Trust: 0.1
url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2018-10871
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2019-3883
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-10871
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-40300 // 
            
            
            
            JVNDB: JVNDB-2019-011844 // 
            
            
            
            PACKETSTORM: 155470 // 
            
            
            
            PACKETSTORM: 156280 // 
            
            
            
            PACKETSTORM: 155127 // 
            
            
            
            CNNVD: CNNVD-201911-089 // 
            
            
            
            NVD: CVE-2019-14824

CREDITS
Red Hat
Trust: 0.9
sources:
            
            
            PACKETSTORM: 155470 // 
            
            
            
            PACKETSTORM: 156280 // 
            
            
            
            PACKETSTORM: 155127 // 
            
            
            
            CNNVD: CNNVD-201911-089

SOURCES
db:CNVDid:CNVD-2019-40300
db:JVNDBid:JVNDB-2019-011844
db:PACKETSTORMid:155470
db:PACKETSTORMid:156280
db:PACKETSTORMid:155127
db:CNNVDid:CNNVD-201911-089
db:NVDid:CVE-2019-14824

LAST UPDATE DATE
2024-11-23T20:52:09.436000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-40300date:2019-11-13T00:00:00
db:JVNDBid:JVNDB-2019-011844date:2019-11-19T00:00:00
db:CNNVDid:CNNVD-201911-089date:2023-04-26T00:00:00
db:NVDid:CVE-2019-14824date:2024-11-21T04:27:26.460

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-40300date:2019-11-13T00:00:00
db:JVNDBid:JVNDB-2019-011844date:2019-11-19T00:00:00
db:PACKETSTORMid:155470date:2019-11-26T17:22:54
db:PACKETSTORMid:156280date:2020-02-10T21:03:06
db:PACKETSTORMid:155127date:2019-11-06T15:37:05
db:CNNVDid:CNNVD-201911-089date:2019-11-04T00:00:00
db:NVDid:CVE-2019-14824date:2019-11-08T15:15:11.563