PT-2019-1082 · Red Hat+1 · Ipa+2

Todd Lipcon · Published 2019-11-27 · Updated 2021-12-06 · CVE-2019-14867

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IPA versions 4.6.x before 4.6.7
IPA versions 4.7.x before 4.7.4
IPA versions 4.8.x before 4.8.3

Description

A flaw was found in the way the internal function ber_scanf() was used in some components of the IPA server that parse Kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or, in some conditions, execute arbitrary code on the server hosting the IPA server.

Recommendations

For IPA versions 4.6.x before 4.6.7, update to version 4.6.7 or later.
For IPA versions 4.7.x before 4.7.4, update to version 4.7.4 or later.
For IPA versions 4.8.x before 4.8.3, update to version 4.8.3 or later.

Fix

Code Injection

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALBA-2019:4268
ALT-PU-2019-3193
ALT-PU-2019-3206
CVE-2019-14867
GHSA-7HPJ-HFCR-5QWM
PYSEC-2019-28
PYSEC-2019-98
RHSA-2020:0378
RHSA-2020:1269
RHSA-2020_0378

Affected Products

Alt Linux
Ipa
Red Hat