Lucene search

K

GoogleOSV:GHSA-9CXH-GQPX-QC5M

HistoryOct 12, 2021 - 5:49 p.m.

Credential Disclosure in System.DirectoryServices.Protocols

2021-10-1217:49:25

Google

osv.dev

16

microsoft

security advisory

.net

developers

update

applications

vulnerability

system.directoryservices.protocols

linux

patches

announcement

issue

msrc

EPSS

0.031

Percentile

91.2%

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on Linux.

Patches

Any .NET application that uses System.DirectoryServices.Protocols with a vulnerable version listed below on system based on Linux.

Package name	Vulnerable versions	Secure versions
System.DirectoryServices.Protocols	5.0.0	5.0.1

Other Details

Announcement for this issue can be found at dotnet/announcements#202
An Issue for this can be found at https://github.com/dotnet/runtime/issues/60301
MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41355

References

github.com/dotnet/runtime

github.com/dotnet/runtime/issues/60301

github.com/dotnet/runtime/security/advisories/GHSA-9cxh-gqpx-qc5m

msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41355

nvd.nist.gov/vuln/detail/CVE-2021-41355

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355

www.oracle.com/security-alerts/cpujan2022.html

EPSS

0.031

Percentile

91.2%

Related for OSV:GHSA-9CXH-GQPX-QC5M

redhat2 redhatcve1 nessus8 almalinux1 github1 osv4 cvelist1 mscve1 nvd1 oraclelinux1 rocky1 prion1 cve1 kaspersky1 altlinux4 photon1 rapid7blog1