Your submission was sent successfully! Close

CVE-2021-3652

Published: 27 July 2021

[CRYPT password hash with asterisk allows any bind attempt to succeed]

Priority

Low

Status

Package Release Status
389-ds-base
Launchpad, Ubuntu, Debian
Upstream
Released (1.4.2.18, 1.4.3.25, 1.4.4.17, 2.0.7)
Ubuntu 21.10 (Impish Indri) Not vulnerable

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(out of standard support, was not-affected [code not present])
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Upstream: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (2.0.7)
Upstream: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4)
Upstream: https://github.com/389ds/389-ds-base/commit/18271bad6395032a20465c7db9ea47636ad5fb45 (1.4.3)
Upstream: https://github.com/389ds/389-ds-base/commit/fd4c991bd3da4c7d486a87ede8f4956cc6ed8a0d (1.4.2)

Notes

AuthorNote
ccdm94
this CVE is very similar to CVE-2017-15135. The patch for
CVE-2017-15135 seems to fix this issue. CVE-2017-15135
was introduced in a patch for CVE-2016-5405, not applied
in trusty and xenial. The patch for CVE-2017-15135 is
included in the package for releases following xenial.

References

Bugs