CVE-2015-5179
https://notcve.org/view.php?id=CVE-2015-5179
FreeIPA might display user data improperly via vectors involving non-printable characters. FreeIPA podría mostrar de forma incorrecta datos de usuario mediante vectores que incluyen caracteres que no se pueden imprimir. • https://bugzilla.redhat.com/show_bug.cgi?id=1252567 https://pagure.io/freeipa/issue/5153 • CWE-20: Improper Input Validation •
CVE-2017-11191 – FreeIPA 2.213 Session Hijacking
https://notcve.org/view.php?id=CVE-2017-11191
FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern ** EN DISPUTA ** Las versiones 4.x de FreeIPA que tengan la versión 2.213 de la API permiten que usuarios autenticados remotos omitan las restricciones de bloqueo de cuenta previstas mediante una acción de desbloqueo con un ID de sesión antiguo (para la misma cuenta de usuario) que se había creado para una sesión anterior. NOTA: El fabricante afirma que no existe este problema en este producto y no reconoce este informe como un problema de seguridad válido. FreeIPA version 2.213 suffers from a session hijacking vulnerability. • http://packetstormsecurity.com/files/143532/FreeIPA-2.213-Session-Hijacking.html • CWE-384: Session Fixation •
CVE-2017-2590 – ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands
https://notcve.org/view.php?id=CVE-2017-2590
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. Se ha encontrado una vulnerabilidad en ipa en versiones anteriores a la 4.4. Los comandos ca-del, ca-disable, y ca-enable de IdM no comprobaban correctamente los permisos del usuario mientras modificaban las CA en Dogtag. • http://rhn.redhat.com/errata/RHSA-2017-0388.html http://www.securityfocus.com/bid/96557 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590 https://access.redhat.com/security/cve/CVE-2017-2590 https://bugzilla.redhat.com/show_bug.cgi?id=1413137 • CWE-275: Permission Issues CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2016-9575 – ipa: Insufficient permission check in certprofile-mod
https://notcve.org/view.php?id=CVE-2016-9575
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. Ipa en versiones 4.2.x, 4.3.x anteriores a la 4.3.3 y 4.4.x anteriores a la 4.4.3 no comprobaba correctamente los permisos de usuario cuando se modificaban los perfiles de certificados en el comando certprofile-mod de IdM. Un atacante autenticado sin privilegios podría utilizar este fallo para modificar perfiles y enviar certificados con nombres arbitrarios o información de uso de claves y, como consecuencia, utilizar dichos certificados para otros ataques. It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. • http://rhn.redhat.com/errata/RHSA-2017-0001.html http://www.securityfocus.com/bid/95068 https://bugzilla.redhat.com/show_bug.cgi?id=1395311 https://access.redhat.com/security/cve/CVE-2016-9575 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVE-2015-1827 – ipa: memory corruption when using get_user_grouplist()
https://notcve.org/view.php?id=CVE-2015-1827
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. La función get_user_grouplist en el plug-in extdom en FreeIPA en versiones anteriores a 4.1.4 no reasigna memoria correctamente cuando procesa las cuentas de usuarios, lo que permite a atacantes remotos causar denegación de servicio (caída) a través de una solicitud de lista de grupo para un usuario que pertenece a un número grande de grupos. It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154314.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154103.html http://rhn.redhat.com/errata/RHSA-2015-0728.html http://www.securityfocus.com/bid/73376 https://bugzilla.redhat.com/show_bug.cgi?id=1205200 https://fedorahosted.org/freeipa/ticket/4908 https://access.redhat.com/security/cve/CVE-2015-1827 • CWE-19: Data Processing Errors CWE-131: Incorrect Calculation of Buffer Size •