CVE-2016-9575 – ipa: Insufficient permission check in certprofile-mod
https://notcve.org/view.php?id=CVE-2016-9575
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. Ipa en versiones 4.2.x, 4.3.x anteriores a la 4.3.3 y 4.4.x anteriores a la 4.4.3 no comprobaba correctamente los permisos de usuario cuando se modificaban los perfiles de certificados en el comando certprofile-mod de IdM. Un atacante autenticado sin privilegios podría utilizar este fallo para modificar perfiles y enviar certificados con nombres arbitrarios o información de uso de claves y, como consecuencia, utilizar dichos certificados para otros ataques. It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. • http://rhn.redhat.com/errata/RHSA-2017-0001.html http://www.securityfocus.com/bid/95068 https://bugzilla.redhat.com/show_bug.cgi?id=1395311 https://access.redhat.com/security/cve/CVE-2016-9575 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVE-2015-1827 – ipa: memory corruption when using get_user_grouplist()
https://notcve.org/view.php?id=CVE-2015-1827
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. La función get_user_grouplist en el plug-in extdom en FreeIPA en versiones anteriores a 4.1.4 no reasigna memoria correctamente cuando procesa las cuentas de usuarios, lo que permite a atacantes remotos causar denegación de servicio (caída) a través de una solicitud de lista de grupo para un usuario que pertenece a un número grande de grupos. It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154314.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154103.html http://rhn.redhat.com/errata/RHSA-2015-0728.html http://www.securityfocus.com/bid/73376 https://bugzilla.redhat.com/show_bug.cgi?id=1205200 https://fedorahosted.org/freeipa/ticket/4908 https://access.redhat.com/security/cve/CVE-2015-1827 • CWE-19: Data Processing Errors CWE-131: Incorrect Calculation of Buffer Size •
CVE-2014-7850
https://notcve.org/view.php?id=CVE-2014-7850
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation. Vulnerabilidad de XSS en la IU Web en FreeIPA 4.x anterior a 4.1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con la navegación 'breadcrumb'. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144848.html https://bugzilla.redhat.com/show_bug.cgi?id=1165280 https://fedorahosted.org/freeipa/ticket/4742 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-7828
https://notcve.org/view.php?id=CVE-2014-7828
FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind. FreeIPA 4.0.x anterior a 4.0.5 y 4.1.x anterior a 4.1.1, cuando 2FA está activado, permite a atacantes remotos evadir la contraseña requerida por la autenticación de dos factores aprovechando un token OTP habilitado, lo que provoca un bind anónimo. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143000.html http://www.freeipa.org/page/Releases/4.1.1 http://www.securityfocus.com/bid/70932 https://bugzilla.redhat.com/show_bug.cgi?id=1160871 https://exchange.xforce.ibmcloud.com/vulnerabilities/98500 https://fedorahosted.org/freeipa/ticket/4690 https://www.redhat.com/archives/freeipa-devel/2014-November/msg00068.html https://www.redhat.com/archives/freeipa-users/2014-November/msg00077.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0336
https://notcve.org/view.php?id=CVE-2013-0336
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server. La función ipapwd_chpwop en daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c en el servidor del directorio (dirsrv) en FreeIPA anterior a 3.2.0 permite a atacantes remotos causar una denegación de servicio (caída) a través de una solicitud de conexión sin username/dn, relacionado con el servidor del directorio 389. • http://secunia.com/advisories/52763 http://www.securityfocus.com/bid/58747 https://bugzilla.redhat.com/show_bug.cgi?id=913751 https://exchange.xforce.ibmcloud.com/vulnerabilities/83132 https://fedorahosted.org/freeipa/ticket/3539 https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e • CWE-20: Improper Input Validation •