PT-2018-5096 · Red Hat+3 · Ipa+4

Liam Campbell

·

Published

2017-01-02

·

Updated

2021-03-15

·

CVE-2016-9575

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Ipa versions 4.2.x through 4.4.2
Description The issue allows an authenticated, unprivileged attacker to modify certificate profiles in IdM's certprofile-mod command due to improper permission checks. This could enable the attacker to issue certificates with arbitrary naming or key usage information, potentially leading to further attacks.
Recommendations For Ipa versions 4.2.x, 4.3.x before 4.3.3, and 4.4.x before 4.4.3, update to version 4.3.3 or 4.4.3, respectively, to resolve the issue. As a temporary workaround, consider restricting access to the certprofile-mod command to minimize the risk of exploitation.

Fix

Improper Authorization

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-863

Related Identifiers

ALT-PU-2017-1168
ALT-PU-2017-1531
CESA-2017_0001
CVE-2016-9575
RHSA-2017:0001
RHSA-2017_0001
USN-4792-1

Affected Products

Alt Linux
Centos
Ipa
Red Hat
Ubuntu