PT-2018-5096 · Red Hat+3 · Ipa+4

Liam Campbell

Publicado

2017-01-02

Atualizado

2021-03-15

CVE-2016-9575

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Ipa versions 4.2.x through 4.4.2

Description The issue allows an authenticated, unprivileged attacker to modify certificate profiles in IdM's certprofile-mod command due to improper permission checks. This could enable the attacker to issue certificates with arbitrary naming or key usage information, potentially leading to further attacks.

Recommendations For Ipa versions 4.2.x, 4.3.x before 4.3.3, and 4.4.x before 4.4.3, update to version 4.3.3 or 4.4.3, respectively, to resolve the issue. As a temporary workaround, consider restricting access to the certprofile-mod command to minimize the risk of exploitation.

Correção

Improper Authorization

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285CWE-863

Identificadores relacionados

ALT-PU-2017-1168

ALT-PU-2017-1531

CESA-2017_0001

CVE-2016-9575

RHSA-2017:0001

RHSA-2017_0001

USN-4792-1

Produtos afetados

Alt Linux

Centos

Ipa

Red Hat

Ubuntu

PT-2018-5096 · Red Hat+3 · Ipa+4

CVE-2016-9575

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 31