CVE-2012-5484

Name of the Vulnerable Software and Affected Versions FreeIPA versions prior to 3.1.2 ipa-client versions 2.1.3 through 2.2.0 ipa-server versions 2.2.0 ipa-python versions 2.2.0 ipa-admintools versions 2.2.0 ipa-server-selinux versions 2.2.0 ipa-debuginfo versions 2.2.0

Description The client in FreeIPA does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate. This can lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For FreeIPA versions prior to 3.1.2, update to version 3.1.2 or later. For ipa-client versions 2.1.3 through 2.2.0, update to a version later than 2.2.0. For ipa-server versions 2.2.0, update to a version later than 2.2.0. For ipa-python versions 2.2.0, update to a version later than 2.2.0. For ipa-admintools versions 2.2.0, update to a version later than 2.2.0. For ipa-server-selinux versions 2.2.0, update to a version later than 2.2.0. For ipa-debuginfo versions 2.2.0, update to a version later than 2.2.0. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.