Bug 1810160
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | FreeIPA: local account takeover/HBAC rules bypass | | |
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | abokovoy, afarley, cbuissar, cheimes, contribs, frenaud, ipa-maint, jcholast, jhrozek, jjelen, mhjacks, mkosek, msiddiqu, pvoborni, rcritten, rharwood, sbose, security-response-team, ssorce, tmihinto, tscherf, twoerner |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | A vulnerability was found in FreeIPA. An account created with a name corresponding to an account local to a system, such as 'root', could access any enrolled machine with that account, with local system privileges. This also bypasses the absence of explicit HBAC rules. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-06-17 07:24:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1835433, 1835434, 1847097 | | |
| Bug Blocks: | 1809701 | | |
Description

Guilherme de Almeida Suckevicz, 2020-03-04 16:16:00 UTC

Without any details on the scenario it is impossible to understand what 'flaw' is described here. Please take at least some time to substantiate your claims.

For now this bug is for investigation only, more information will be shared soon.

We cannot investigate without additional information. Can you at least provide a reproducer and example?

Acknowledgments: Name: Julian Catrambone, Mike Losapio

Created freeipa tracking bugs for this issue: Affects: fedora-all [bug 1847097]

External References: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/defining-roles

Statement: Roles are used to classify permitted actions but are not used as a tool to implement privilege separation or to protect from privilege escalation. As a result, using privileges to gain additional privileges is not something considered unexpected. This bug has been rejected as a security flaw. Users with privileges should be reserved to trusted persons.
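The Doc Text above describes a directory account whose name collides with a local system account on an enrolled host. The following is an added audit script, not code from the bug report or from the FreeIPA project: it takes a list of directory user names (here a constructed list, in practice the `uid` values you would export from the directory) and an `/etc/passwd` file from an enrolled host (here a constructed snippet), and reports every directory name that shadows a local account, with the local UID so that privileged (low-UID) collisions stand out. The sample data, the function names and the case-insensitive comparison are this example's own assumptions.

```python
"""Audit: find directory (IdM) user names that collide with local accounts.

Added example for the bug above; not part of FreeIPA or of the report.
"""

# Constructed sample of /etc/passwd from an enrolled host (assumption, not data from the bug).
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
"""

# Constructed sample of user names as exported from the directory (assumption; in practice
# this would be the `uid` attribute of every directory user).
DIRECTORY_USERS = ["alice", "root", "bob", "SSHD"]


def parse_passwd(text):
    """Return {name: uid} for each well-formed passwd line in `text`.

    Malformed lines (fewer than seven colon-separated fields) and comments are skipped.
    """
    accounts = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue
        accounts[fields[0]] = int(fields[2])
    return accounts


def find_collisions(directory_users, local_accounts):
    """Return [(directory_name, local_name, local_uid), ...] for every collision.

    Matching is case-insensitive on purpose: how a name resolves on the host depends on
    client configuration, so treating 'SSHD' and 'sshd' as the same name is the safe
    (conservative) choice for an audit. Results are sorted by local UID so that collisions
    with privileged system accounts (UID 0 first) come out on top.
    """
    lower_local = {name.lower(): (name, uid) for name, uid in local_accounts.items()}
    hits = []
    for dname in directory_users:
        match = lower_local.get(dname.lower())
        if match is not None:
            hits.append((dname, match[0], match[1]))
    return sorted(hits, key=lambda h: (h[2], h[1]))


def report(directory_users, passwd_text):
    """Print a human-readable audit report and return the collision list."""
    hits = find_collisions(directory_users, parse_passwd(passwd_text))
    if not hits:
        print("no directory/local account name collisions found")
    for dname, lname, uid in hits:
        print(f"COLLISION: directory user '{dname}' shadows local account '{lname}' (uid {uid})")
    return hits


if __name__ == "__main__":
    report(DIRECTORY_USERS, LOCAL_PASSWD)
```

Run it against a real export and a real `/etc/passwd` from each enrolled host class; any hit with a low UID is the case the Doc Text describes and should be renamed or removed from the directory, independently of whether HBAC rules are in place.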