Bug 876307 (CVE-2012-5484)
| Summary: | CVE-2012-5484 ipa: weakness when initiating join from IPA client can potentially compromise IPA domain | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | dpal, jdennis, jgalipea, ksiddiqu, mkosek, pspacek, rcritten, security-response-team, ssorce |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-01-23 21:53:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 878217, 878218, 878219, 878220, 903390 | | |
| Bug Blocks: | 876369 | | |
| Attachments: | | | |

Description
Vincent Danen
2012-11-13 19:04:13 UTC
Created attachment 657525: 1/4
Created attachment 657526: 2/4
Created attachment 657527: 3/4
Created attachment 657528: 4/4

To work around/mitigate this problem, use an unprivileged user to join to the IPA domain, or use OTP (which can also be used at the commandline, not just during kickstart).

External References:

http://www.freeipa.org/page/CVE-2012-5484

Created freeipa tracking bugs for this issue

Affects: fedora-all [bug 903390]

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:0188 https://rhn.redhat.com/errata/RHSA-2013-0188.html

This issue has been addressed in following products:

Red Hat Enterprise Linux 5

Via RHSA-2013:0189 https://rhn.redhat.com/errata/RHSA-2013-0189.html

freeipa-3.1.2-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

*** Bug 842873 has been marked as a duplicate of this bug. ***