CVE-2017-2590 – ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands

https://notcve.org/view.php?id=CVE-2017-2590

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. Se ha encontrado una vulnerabilidad en ipa en versiones anteriores a la 4.4. Los comandos ca-del, ca-disable, y ca-enable de IdM no comprobaban correctamente los permisos del usuario mientras modificaban las CA en Dogtag. • http://rhn.redhat.com/errata/RHSA-2017-0388.html http://www.securityfocus.com/bid/96557 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590 https://access.redhat.com/security/cve/CVE-2017-2590 https://bugzilla.redhat.com/show_bug.cgi?id=1413137 • CWE-275: Permission Issues CWE-732: Incorrect Permission Assignment for Critical Resource •