CVE-2016-7030
Published: 28 August 2017
FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on.
From the Ubuntu Security Team
It was discovered that FreeIPA incorrectly handled authentication attempts. An attacker could possibly use this issue to cause a denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
freeipa Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(4.4.4-1)
|
|
cosmic |
Not vulnerable
(4.4.4-1)
|
|
disco |
Not vulnerable
(4.4.4-1)
|
|
eoan |
Not vulnerable
(4.4.4-1)
|
|
focal |
Not vulnerable
(4.4.4-1)
|
|
groovy |
Not vulnerable
(4.4.4-1)
|
|
impish |
Not vulnerable
(4.4.4-1)
|
|
jammy |
Not vulnerable
(4.4.4-1)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Released
(3.3.4-0ubuntu3.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(4.4.4-1)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
hirsute |
Not vulnerable
(4.4.4-1)
|
|
xenial |
Released
(4.3.1-0ubuntu1+esm1)
Available with Ubuntu Pro |
|
Patches: upstream: https://pagure.io/freeipa/c/08e7af9f0f8acac3dcd8dde1eee53261e5d25f1f?branch=ipa-4-4 upstream: https://pagure.io/freeipa/c/171bc3e6853f905184584e414cefa4f7296c02ea?branch=ipa-4-4 (testcases) upstream: https://pagure.io/freeipa/c/84f6df6349b5c412467746777e905d9e4f8792ca?branch=ipa-4-4 (regression fix) upstream: https://pagure.io/freeipa/c/f0f48ec14f3ff55852393927533ffd253cb5a04b?branch=ipa-4-4 (tests) upstream: https://pagure.io/freeipa/c/e02323c1c3b3c3dadd57d9f1885ec1af046718de?branch=ipa-4-4 (tests) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |