Operating System:

[UNIX/Linux][RedHat]

Published:

11 August 2021

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ESB-2021.2716 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2716
                  389-ds:1.4 security and bug fix update
                              11 August 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           389-ds:1.4
Publisher:         Red Hat
Operating System:  Red Hat
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Unauthorised Access -- Unknown/Unspecified
                   Reduced Security    -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3652  

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:3079

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: 389-ds:1.4 security and bug fix update
Advisory ID:       RHSA-2021:3079-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3079
Issue date:        2021-08-10
Cross references:  https://access.redhat.com/security/updates/classification/#low
CVE Names:         CVE-2021-3652 
=====================================================================

1. Summary:

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise
Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The
base packages include the Lightweight Directory Access Protocol (LDAP)
server and command-line utilities for server administration. 

Security Fix(es):

* 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to
succeed (CVE-2021-3652)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* A plugin can create an index. Even if the index can be used immediately
(for searches) the index remains offline until further reindex (BZ#1983095)

* On big endian machine, the server fails to identify the operation type
(BZ#1980063)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1980063 - IPA installation fails on s390x with 389-ds-base-1.4.3.8-4.module+el8.3.0+7193+dfd1e8ad.s390x [rhel-8.4.0.z]
1982782 - CVE-2021-3652 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed
1983095 - Internal unindexed searches in syncrepl [rhel-8.4.0.z]
1984091 - persistent search returns entries even when an error is returned by content-sync-plugin [rhel-8.4.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
389-ds-base-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.src.rpm

aarch64:
389-ds-base-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm
389-ds-base-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm
389-ds-base-debugsource-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm
389-ds-base-devel-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm
389-ds-base-legacy-tools-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm
389-ds-base-legacy-tools-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm
389-ds-base-libs-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm
389-ds-base-libs-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm
389-ds-base-snmp-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm
389-ds-base-snmp-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm

noarch:
python3-lib389-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.noarch.rpm

ppc64le:
389-ds-base-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm
389-ds-base-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm
389-ds-base-debugsource-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm
389-ds-base-devel-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm
389-ds-base-legacy-tools-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm
389-ds-base-legacy-tools-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm
389-ds-base-libs-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm
389-ds-base-libs-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm
389-ds-base-snmp-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm
389-ds-base-snmp-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm

s390x:
389-ds-base-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm
389-ds-base-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm
389-ds-base-debugsource-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm
389-ds-base-devel-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm
389-ds-base-legacy-tools-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm
389-ds-base-legacy-tools-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm
389-ds-base-libs-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm
389-ds-base-libs-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm
389-ds-base-snmp-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm
389-ds-base-snmp-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm

x86_64:
389-ds-base-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm
389-ds-base-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm
389-ds-base-debugsource-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm
389-ds-base-devel-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm
389-ds-base-legacy-tools-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm
389-ds-base-legacy-tools-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm
389-ds-base-libs-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm
389-ds-base-libs-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm
389-ds-base-snmp-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm
389-ds-base-snmp-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3652
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYRKHQ9zjgjWX9erEAQi52Q//Yhzf4kJb92pgQea1OELXs3MSKAsxLSsK
wTZeufVhSjUzi5Io7dKdYEi8XtH5JEKIPiXqrcBN8Ry5b42Ppc0nbf6b8TLmJHgB
6jPwiaBQU9FlsIrGla5jIvK/7zwORQCoDKBVtwcOGduEB+kOnj5zuoyyEz0gqjAP
Yhab6dzidyh0DWW6PyyQ6+JFU6x9G9oeGg9eqgAfsUHb6K7FmSyheXL8xZkjiN0z
dovvj8nb7KFfYx1fXMpBaFzCZHDdondW5PLMXQ5GA3xpTdBBVVRkPVRm+ejQy5qZ
b5P7cu+0/U8z8o7dj5p4g71osN+O/mLSFg0qsNuzpXjSD7oEzzB1b2KhEdZQIN4O
w5RrfJcdWqnt4OLHcl4GZ9AYjqmH9ZkNUjfc+ARS3LoLDcGTxRq3mBCbNVv6dAVr
NpfByZSmK2s1rSS9Dmf7p7zoCo++k2zk6l7fLkl72iu/UOFvwI7DoLuR56WmItd4
05oAV7gvZA+eN/VyglMYt6CM/iw4GBBHUaEHBi1qEawE6yZ1dBy8XR75ePd/z5Pn
SeReL/5eOCXr4rQqZQJ7mE+JimcAokzMyHSOBf4AU/iWZhRclbolJV1kWarGyScU
mIX3TPkSd8l2s8L0zIBy3NLRYyDEevmj446OgPRD5qpo2DPhJrZkJEXZXltiTgJH
8pexsoaEh0A=
=tg33
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYRNnAeNLKJtyKPYoAQi4wxAAmhvyPPsDC0kNykT6u0vk7FEWbGS1efzl
tuQpJE1BSjwgQpZDmZ7K90QULkLfrqMfIkOru/a9rtVKBd0PtURIPlv49mHd2C+O
k3eU4GDqFs5qbai2/QPjwd1R0dTevi6oxrqMZRDCR9tnWR1h8TdWONQv+0CHq1wA
ptNzMXpmZV0H0qSAjw4qpSSTmfK0tqX4+vr6kQ5Wh5XmjcN0Sl931UCBhrdCivRv
DoS+9MTgKCMnEdcmhXHfhTj4ge7xcyyLJgHkSBMLp0uxTokB7K8FaH4lSaLC6A4H
hUsHaaWuCLDiAEuA2dMabbB5u99eSvRNmLvXazZMlKwLejj6k6ADgE4xH+A+Ki6y
kbhOLsMDgOJv5m+cNNEiSH+nxBj6fIK0dWUThC+obJZ02WZ626JtxDmp/5UmzSrE
N5lMLqJ/dK8CXsUQVDx/ArkxXX3NzUD0gVqdR111bDzAtoHzYsXnIngkCO4t1ALJ
dHTfCZrN9VLecRXy+mdWwGwA1Mk6jDemfP/P71wKiHBJSc1Brv7+NC7TAW/rS5C8
gDOOgKYtofrlj7KW0IMEKu2ckLAqC5/uUY6V6rk0HydJShwWL191Z+BoltkRKNln
o6jYFTwaPQpqNRo+47pH+Q7yOn7G/iW+sqpRJyTCXq8USg6Uil03HsqDwcHAEWGo
4cG54vh733E=
=rkVZ
-----END PGP SIGNATURE-----