CVE-2016-5404
Published: 7 September 2016
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
From the Ubuntu Security Team
It was discovered that FreeIPA incorrectly handled certificates. An attacker could possibly use this issue to cause a denial of service by revoking arbitrary certificates.
Status

Package | Release | Status
---|---|---
freeipa (Launchpad, Ubuntu, Debian) | artful | Not vulnerable (4.4.3-3ubuntu2.1)
freeipa | bionic | Not vulnerable (4.4.3-3ubuntu2.1)
freeipa | cosmic | Not vulnerable (4.4.3-3ubuntu2.1)
freeipa | disco | Not vulnerable (4.4.3-3ubuntu2.1)
freeipa | eoan | Not vulnerable (4.4.3-3ubuntu2.1)
freeipa | focal | Not vulnerable (4.4.3-3ubuntu2.1)
freeipa | groovy | Not vulnerable (4.4.3-3ubuntu2.1)
freeipa | hirsute | Not vulnerable (4.4.3-3ubuntu2.1)
freeipa | impish | Not vulnerable (4.4.3-3ubuntu2.1)
freeipa | jammy | Not vulnerable (4.4.3-3ubuntu2.1)
freeipa | precise | Ignored (end of life)
freeipa | trusty | Not vulnerable (code not present)
freeipa | upstream | Released (4.4.1)
freeipa | xenial | Released (4.3.1-0ubuntu1+esm1), available with Ubuntu Pro
freeipa | yakkety | Ignored (end of life)
freeipa | zesty | Not vulnerable (4.4.3-3ubuntu2.1)

Patches: upstream: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd
Severity score breakdown
Parameter | Value
---|---
Base score | 6.5
Attack vector | Network
Attack complexity | Low
Privileges required | Low
User interaction | None
Scope | Unchanged
Confidentiality | None
Integrity impact | None
Availability impact | High
Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H