CVE-2022-2850 An attacker can exploit a NULL pointer dereference in the Content Synchronization plugin to cause a denial of service.

Another flaw was found In 389-ds-base. When the LDAP authentication plugin is enabled, an authenticated user can bypass intended access restrictions and read any file on the system using a specially crafted query. This flaw allows an authenticated user to bypass intended access restrictions and potentially read any file on the system. This CVE is assigned against an incomplete fix of CVE-2021-3515. Another flaw was found In 389-ds-base. When the LDAP authentication plugin is enabled, an authenticated user can execute arbitrary code with the privileges of the “cn=config” administrative user using a specially crafted query. This flaw allows an authenticated user to execute arbitrary code with the privileges of the “cn=config” administrative user. This CVE is assigned against an incomplete fix of CVE-2021-3516. Another flaw was found In 389-ds-base. When the LDAP authentication plugin is enabled and the LDAP server allows anonymous access, an authenticated user can bypass intended access restrictions and read any file on the system using a specially crafted query. This flaw allows an authenticated user to bypass intended access restrictions and potentially read any file on the system. This CVE is assigned against an incomplete fix of CVE-2021-3517. Another flaw was found In 389-ds-base. When the LDAP authentication plugin is enabled and the LDAP server allows anonymous access, an authenticated user can execute arbitrary code with the privileges of the “cn=config”

Authentication flaws

The authentication flaws allow an authenticated user to bypass intended access restrictions and read any file on the system using a specially crafted query.
This CVE is assigned against an incomplete fix of CVE-2021-3517. Another flaw was found In 389-ds-base. When the LDAP authentication plugin is enabled, an authenticated user can execute arbitrary code with the privileges of the “cn=config” administrative user using a specially crafted query. This flaw allows an authenticated user to execute arbitrary code with the privileges of the “cn=config” administrative user. This CVE is assigned against an incomplete fix of CVE-2021-3516. Another flaw was found In 389-ds-base. When the LDAP authentication plugin is enabled, an authenticated user can bypass intended access restrictions and potentially read any file on the system using a specially crafted query. This flaw allows an authenticated user to bypass intended access restrictions and potentially read any file on the system. This CVE is assigned against an incomplete fix of CVE-2021-3518.

Exploitation of CVE-2022-2850

When the LDAP authentication plugin is enabled, an authenticated user can execute arbitrary code with the privileges of the “cn=config” administrative user using a specially crafted query. This flaw allows an authenticated user to execute arbitrary code with the privileges of the “cn=config” administrative user. This CVE is assigned against an incomplete fix of CVE-2021-3516.

How to fix code

Timeline

Published on: 10/14/2022 18:15:00 UTC
Last modified on: 10/17/2022 19:45:00 UTC

References

• https://bugzilla.redhat.com/show_bug.cgi?id=2118691
• https://access.redhat.com/security/cve/CVE-2022-2850
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2850