CVE-2019-10224

Name: CVE-2019-10224
Description: A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: low

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| 389-ds-base (PTS) | stretch | 1.3.5.17-2 | fixed |
| | buster | 1.4.0.21-1 | vulnerable |
| | bullseye, sid | 1.4.4.4-1 | fixed |
| python-lib389 (PTS) | stretch | 1.0.2-3 | vulnerable |

The information below is based on the following data on fixed versions.

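| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| 389-ds-base | source | jessie | (not affected) | | | |
| 389-ds-base | source | stretch | (not affected) | | | |
| 389-ds-base | source | (unstable) | 1.4.1.5-1 | | | |
| python-lib389 | source | (unstable) | (unfixed) | | | |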

Notes

[buster] - 389-ds-base <no-dsa> (Minor issue)
[stretch] - 389-ds-base <not-affected> (vulnerable code not present)
[jessie] - 389-ds-base <not-affected> (vulnerable code not present)
[stretch] - python-lib389 <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=1677147
https://pagure.io/389-ds-base/issue/50251
https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310
