CVE-2016-5404
medium
CVSS v3
6.5
CVSS v2
4.0
VIR risk
6.5
Description
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
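The flaw described above is a classic confused-delegation bug: the revoke command verified the certificate's existence by calling the retrieve command, and the "retrieve certificate" check that ran inside that call was the only access check performed, so the command's own "revoke certificate" operation was never enforced. The following example, written for this page and not taken from FreeIPA's plugin code, models that pattern alongside the hardened form and adds a small self-check that flags commands declaring an operation they never check. Class and permission names (Principal, VirtualCommand, cert_show, cert_revoke_*, ACIError) follow FreeIPA's naming conventions but are assumptions here; the certificate store is constructed in memory.

```python
"""Added illustration of the CVE-2016-5404 pattern: a privileged command that
inherits only the access check of the command it delegates to.

Example code for this page, not FreeIPA's own implementation. Names and the
permission strings are assumptions modelled on FreeIPA conventions.
"""


class ACIError(Exception):
    """Raised when the caller lacks the permission an operation requires."""


class Principal:
    """Constructed stand-in for the authenticated caller and its permissions."""

    def __init__(self, name, permissions):
        self.name = name
        self.permissions = frozenset(permissions)


class VirtualCommand:
    """Base class: each subclass names the virtual operation it performs."""

    operation = None  # e.g. "retrieve certificate"

    def check_access(self, caller):
        # The check must be on the command's *own* operation, not a delegate's.
        if self.operation not in caller.permissions:
            raise ACIError(f"{caller.name} lacks '{self.operation}'")


# Constructed certificate store: serial number -> revocation state.
CERTS = {1001: {"revoked": False}, 1002: {"revoked": False}}


class cert_show(VirtualCommand):
    operation = "retrieve certificate"

    def execute(self, caller, serial):
        self.check_access(caller)
        if serial not in CERTS:
            raise KeyError(serial)
        return dict(CERTS[serial])


class cert_revoke_vulnerable(VirtualCommand):
    """Mirrors the flaw: existence is verified through cert_show, whose
    'retrieve certificate' check is the only one that runs. The command's own
    operation is declared but never enforced."""

    operation = "revoke certificate"

    def execute(self, caller, serial):
        cert_show().execute(caller, serial)  # only checks 'retrieve certificate'
        CERTS[serial]["revoked"] = True  # missing: self.check_access(caller)
        return {"result": True}


class cert_revoke_fixed(VirtualCommand):
    """Hardened form: enforce the command's own operation before acting."""

    operation = "revoke certificate"

    def execute(self, caller, serial):
        self.check_access(caller)  # the check the fix adds; deny before any side effect
        cert_show().execute(caller, serial)
        CERTS[serial]["revoked"] = True
        return {"result": True}


def can_revoke(command_cls, caller, serial):
    """True if `caller` can revoke `serial` via `command_cls`; resets state first."""
    CERTS[serial]["revoked"] = False
    try:
        command_cls().execute(caller, serial)
    except ACIError:
        return False
    return CERTS[serial]["revoked"]


def audit_access_checks(commands):
    """Static self-check: every command that declares an operation must call
    check_access somewhere in its own execute(). Returns the names of commands
    that do not (inspects the attribute names referenced by execute's bytecode)."""
    offenders = []
    for cls in commands:
        names = cls.execute.__code__.co_names
        if cls.operation and "check_access" not in names:
            offenders.append(cls.__name__)
    return offenders


if __name__ == "__main__":
    helpdesk = Principal("helpdesk", {"retrieve certificate"})
    admin = Principal("admin", {"retrieve certificate", "revoke certificate"})
    print(can_revoke(cert_revoke_vulnerable, helpdesk, 1001))  # True: the bug
    print(can_revoke(cert_revoke_fixed, helpdesk, 1001))  # False
    print(can_revoke(cert_revoke_fixed, admin, 1001))  # True
    print(audit_access_checks([cert_show, cert_revoke_vulnerable, cert_revoke_fixed]))
```

The self-check in `audit_access_checks` is the kind of regression guard worth keeping in a plugin framework where commands opt in to authorization by calling a method: any command that declares an operation but never references `check_access` is flagged, which is exactly the state `cert_revoke` was in here.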
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-5404
Upstream fix commit (reported via secalert@redhat.com) — https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 4.3.2-5 |
| debian | sid | fixed | 4.3.2-5 |
| debian | trixie | fixed | 4.3.2-5 |
| fedora | 23 | affected | |
| fedora | 24 | affected | |
| fedora | 25 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| freeipa | freeipa | - | |
References
- http://rhn.redhat.com/errata/RHSA-2016-1797.html
- http://www.openwall.com/lists/oss-security/2016/08/17/9
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/92525
- https://fedorahosted.org/freeipa/ticket/6232
- https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/
- https://security-tracker.debian.org/tracker/CVE-2016-5404
CWEs
CWE-284