
15 vulnerabilities found for freeipa by redhat

FKIE_CVE-2013-0336

Vulnerability from fkie_nvd - Published: 2014-11-03 23:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.
Impacted products
Vendor Product Version
redhat freeipa *
redhat freeipa 3.0.0
redhat freeipa 3.0.1
redhat freeipa 3.0.2
redhat freeipa 3.1.1
redhat freeipa 3.1.2
redhat freeipa 3.1.3
redhat freeipa 3.1.4

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3517EC39-6407-4EAC-B3A0-6150B6AEC5EA",
              "versionEndIncluding": "3.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9EC0B67-0A62-40DB-AB3D-47251D6A9A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4876ACC-1CF4-4674-8DD0-D64E028F5FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A987D93-5427-4954-8C6C-E7C295A09BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BED799E-F847-4FAD-8EE0-CAB1DA6C0558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "289FB702-8C2E-41D1-A737-A0BB520E0058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2030CF38-13FB-403B-865E-FED916A17B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5A3C50-BFE6-4453-B1E8-F29227B68828",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ipapwd_chpwop en daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c en el servidor del directorio (dirsrv) en FreeIPA anterior a 3.2.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una solicitud de conexi\u00f3n sin username/dn, relacionado con el servidor del directorio 389."
    }
  ],
  "id": "CVE-2013-0336",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-03T23:55:04.877",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/52763"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/58747"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913751"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83132"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/freeipa/ticket/3539"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/52763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/58747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/freeipa/ticket/3539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-0199

Vulnerability from fkie_nvd - Published: 2014-05-29 14:19 - Updated: 2025-04-12 10:46

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9EC0B67-0A62-40DB-AB3D-47251D6A9A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4876ACC-1CF4-4674-8DD0-D64E028F5FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A987D93-5427-4954-8C6C-E7C295A09BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BED799E-F847-4FAD-8EE0-CAB1DA6C0558",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Las instrucciones de control de acceso LDAP por defecto en FreeIPA 3.0 anterior a 3.1.2 no restringen acceso a los atributos (1) ipaNTTrustAuthIncoming y (2) ipaNTTrustAuthOutgoing, lo que permite a atacantes remotos obtener la clave Cross-Realm Kerberos Trust a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-0199",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-29T14:19:06.863",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/89539"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.freeipa.org/page/CVE-2013-0199"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.freeipa.org/page/Releases/3.1.2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/57542"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/89539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.freeipa.org/page/CVE-2013-0199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.freeipa.org/page/Releases/3.1.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/57542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81486"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-5484

Vulnerability from fkie_nvd - Published: 2013-01-27 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
References
secalert@redhat.com - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f
secalert@redhat.com - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa
secalert@redhat.com - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4
secalert@redhat.com - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9
secalert@redhat.com - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc
secalert@redhat.com - http://rhn.redhat.com/errata/RHSA-2013-0188.html
secalert@redhat.com - http://rhn.redhat.com/errata/RHSA-2013-0189.html
secalert@redhat.com - http://www.freeipa.org/page/CVE-2012-5484 - Vendor Advisory
secalert@redhat.com - http://www.freeipa.org/page/Releases/3.1.2
af854a3a-2127-422b-91ae-364da2661108 - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f
af854a3a-2127-422b-91ae-364da2661108 - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa
af854a3a-2127-422b-91ae-364da2661108 - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4
af854a3a-2127-422b-91ae-364da2661108 - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9
af854a3a-2127-422b-91ae-364da2661108 - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc
af854a3a-2127-422b-91ae-364da2661108 - http://rhn.redhat.com/errata/RHSA-2013-0188.html
af854a3a-2127-422b-91ae-364da2661108 - http://rhn.redhat.com/errata/RHSA-2013-0189.html
af854a3a-2127-422b-91ae-364da2661108 - http://www.freeipa.org/page/CVE-2012-5484 - Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.freeipa.org/page/Releases/3.1.2
Impacted products
Vendor Product Version
redhat freeipa 2.0.0
redhat freeipa 2.0.1
redhat freeipa 2.1.0
redhat freeipa 2.1.1
redhat freeipa 2.1.3
redhat freeipa 2.1.4
redhat freeipa 2.2.1
redhat freeipa 3.0.0
redhat freeipa 3.0.1
redhat freeipa 3.0.2
redhat freeipa 3.1.1

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61635E9E-FA0F-43DD-956D-6A65CC349DA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8002A146-BC41-45D1-BDBE-13A99A83B81B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A3C75F-9A29-43DA-99D9-A012E43C2FBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7812FB3-207A-4A88-88B5-2413DE7F843B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09D0A859-34B4-4A2B-9DDE-49224B6BE161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17AACA8-52EA-4A9D-A02C-4064E7056454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF167865-60B0-4350-B2F3-5AB037F1A3BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9EC0B67-0A62-40DB-AB3D-47251D6A9A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4876ACC-1CF4-4674-8DD0-D64E028F5FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A987D93-5427-4954-8C6C-E7C295A09BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BED799E-F847-4FAD-8EE0-CAB1DA6C0558",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate."
    },
    {
      "lang": "es",
      "value": "El cliente FreeIPA v2.x y v3.x anterior a v3.1.2 no obtiene de forma adecuada el certificado Certification Authority (CA) del servidor, lo que permite ataques man-in-the-middle para falsear el procedimiento de conexi\u00f3n a trav\u00e9s de un certificado manipulado."
    }
  ],
  "id": "CVE-2012-5484",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-27T18:55:02.070",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0188.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0189.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.freeipa.org/page/CVE-2012-5484"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.freeipa.org/page/Releases/3.1.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0188.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0189.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.freeipa.org/page/CVE-2012-5484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.freeipa.org/page/Releases/3.1.2"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-3636

Vulnerability from fkie_nvd - Published: 2011-12-08 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.
Impacted products
Vendor Product Version
redhat freeipa *
redhat freeipa 0.99
redhat freeipa 0.99698-20080228
redhat freeipa 0.99698641-20080218
redhat freeipa 1.0.0
redhat freeipa 1.0.0
redhat freeipa 1.0.0
redhat freeipa 1.1.0
redhat freeipa 1.1.1
redhat freeipa 1.2.0
redhat freeipa 1.2.1
redhat freeipa 1.2.2
redhat freeipa 1.9.0
redhat freeipa 1.9.0
redhat freeipa 1.9.0
redhat freeipa 1.9.0
redhat freeipa 1.9.0
redhat freeipa 2.0.0
redhat freeipa 2.0.0
redhat freeipa 2.0.0
redhat freeipa 2.0.0
redhat freeipa 2.0.0
redhat freeipa 2.0.0
redhat freeipa 2.0.1
redhat freeipa 2.1.0
redhat freeipa 2.1.1
redhat freeipa 2.1.2

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCF6A42-82B0-4D3E-A747-0A764B27058A",
              "versionEndIncluding": "2.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF233FD1-3592-4D75-B941-79CCF00D22D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:0.99698-20080228:*:*:*:*:*:*:*",
              "matchCriteriaId": "25895A90-22F7-4698-8171-6EEDD9086D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:0.99698641-20080218:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A51657-CECF-4C3A-9814-B74AA99AFBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F76D90-B63A-4169-9FB4-06A027D401C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.0.0:a:*:*:*:*:*:*",
              "matchCriteriaId": "2117B7AD-2195-49C5-9A65-65A997FC0955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.0.0:b:*:*:*:*:*:*",
              "matchCriteriaId": "D2A859D5-3C6C-44D0-BA54-3F96842C859D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5387312F-0CF8-4115-8D8B-F9B497263D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22DAE52-FAEB-4201-A1CF-15B6882D83FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F190968-1EC9-4F88-8692-3FC7AF5448C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2C22570-B37B-4A31-BA0D-D911E5751116",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FAEE010-CECB-4041-A6A2-C065CF9E9105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.9.0:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "CD4DFFD8-3444-48C5-B03C-C9F390B515A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.9.0:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "A4648F55-A4E4-4622-AD69-B37EFC9FC08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.9.0:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "230B4A0B-F947-4233-B1C1-12026A57AD65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.9.0:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "8DB810EA-5C58-46B1-A3CF-FE58F9DBCBBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.9.0:pre5:*:*:*:*:*:*",
              "matchCriteriaId": "AE709743-2AEB-41D8-87F8-E6F8CD520983",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61635E9E-FA0F-43DD-956D-6A65CC349DA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.0.0:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "896F5CA0-E6D2-4311-8ACF-02C3CE682B92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.0.0:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "D8F710FE-E06B-4EC6-BA27-6A6799BA5C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "72AE271A-430A-4E4F-BC86-95C16F475354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C4164AB9-A6CF-467E-A5CF-4430612C77B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7E52A941-0C86-439B-A68F-27BD22038A04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8002A146-BC41-45D1-BDBE-13A99A83B81B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A3C75F-9A29-43DA-99D9-A012E43C2FBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7812FB3-207A-4A88-88B5-2413DE7F843B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "946A5DF6-398D-428F-8BFB-DBA5C07AEA8F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados  en el interfaz de gesti\u00f3n en FreeIPA antes de v2.1.4, permite a atacantes no identificados secuestrar la autenticaci\u00f3n de administradores para peticiones que realizan cambios de configuraci\u00f3n."
    }
  ],
  "id": "CVE-2011-3636",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-08T11:55:01.827",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://freeipa.org/page/IPAv2_214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://freeipa.org/page/IPAv2_214"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-3274

Vulnerability from fkie_nvd - Published: 2008-09-12 16:56 - Updated: 2025-04-09 00:30
Severity ?
Summary
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
References
secalert@redhat.com - http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c
secalert@redhat.com - http://rhn.redhat.com/errata/RHSA-2008-0860.html
secalert@redhat.com - http://secunia.com/advisories/31861
secalert@redhat.com - http://www.freeipa.org/page/CVE-2008-3274 - Patch
secalert@redhat.com - http://www.freeipa.org/page/Downloads
secalert@redhat.com - http://www.freeipa.org/page/News
secalert@redhat.com - http://www.securityfocus.com/bid/31111
secalert@redhat.com - http://www.securitytracker.com/id?1020850
secalert@redhat.com - https://bugzilla.redhat.com/show_bug.cgi?id=457835
secalert@redhat.com - https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html
secalert@redhat.com - https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html
af854a3a-2127-422b-91ae-364da2661108 - http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c
af854a3a-2127-422b-91ae-364da2661108 - http://rhn.redhat.com/errata/RHSA-2008-0860.html
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/31861
af854a3a-2127-422b-91ae-364da2661108 - http://www.freeipa.org/page/CVE-2008-3274 - Patch
af854a3a-2127-422b-91ae-364da2661108 - http://www.freeipa.org/page/Downloads
af854a3a-2127-422b-91ae-364da2661108 - http://www.freeipa.org/page/News
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/31111
af854a3a-2127-422b-91ae-364da2661108 - http://www.securitytracker.com/id?1020850
af854a3a-2127-422b-91ae-364da2661108 - https://bugzilla.redhat.com/show_bug.cgi?id=457835
af854a3a-2127-422b-91ae-364da2661108 - https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html
af854a3a-2127-422b-91ae-364da2661108 - https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html
Impacted products
Vendor Product Version
redhat enterprise_ipa 1.0.0
redhat freeipa *
redhat freeipa 0.99
redhat freeipa 1.0.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:enterprise_ipa:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "875F2D78-7C9F-40D1-AA33-6D983CE5577E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA7BABF-316F-4B56-8A06-99118BE39754",
              "versionEndIncluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF233FD1-3592-4D75-B941-79CCF00D22D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:freeipa:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F76D90-B63A-4169-9FB4-06A027D401C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto de Red Hat Enterprise IPA versi\u00f3n 1.0.0 y FreeIPA versiones anteriores a 1.1.1 pone ldap:///anyone en la ACL de lectura para el atributo krbMKey, lo que permite a atacantes remotos obtener la clave maestra de Kerberos utilizando una consulta LDAP an\u00f3nima."
    }
  ],
  "id": "CVE-2008-3274",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-12T16:56:20.477",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0860.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31861"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.freeipa.org/page/CVE-2008-3274"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.freeipa.org/page/Downloads"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.freeipa.org/page/News"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/31111"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1020850"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457835"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0860.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.freeipa.org/page/CVE-2008-3274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.freeipa.org/page/Downloads"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.freeipa.org/page/News"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-0336 (GCVE-0-2013-0336)

Vulnerability from cvelistv5 – Published: 2014-11-03 23:00 – Updated: 2024-08-06 14:25
Summary
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:25:09.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913751"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e"
          },
          {
            "name": "58747",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58747"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/freeipa/ticket/3539"
          },
          {
            "name": "52763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52763"
          },
          {
            "name": "389directoryserver-cve20130336-dos(83132)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83132"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913751"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e"
        },
        {
          "name": "58747",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/58747"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/freeipa/ticket/3539"
        },
        {
          "name": "52763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52763"
        },
        {
          "name": "389directoryserver-cve20130336-dos(83132)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83132"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0336",
    "datePublished": "2014-11-03T23:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:25:09.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0199 (GCVE-0-2013-0199)

Vulnerability from cvelistv5 – Published: 2014-05-29 14:00 – Updated: 2024-08-06 14:18
Summary
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "57542",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57542"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/Releases/3.1.2"
          },
          {
            "name": "freeipa-crossrealm-info-disc(81486)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81486"
          },
          {
            "name": "89539",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/89539"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/CVE-2013-0199"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "57542",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57542"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/Releases/3.1.2"
        },
        {
          "name": "freeipa-crossrealm-info-disc(81486)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81486"
        },
        {
          "name": "89539",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/89539"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/CVE-2013-0199"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0199",
    "datePublished": "2014-05-29T14:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5484 (GCVE-0-2012-5484)

Vulnerability from cvelistv5 – Published: 2013-01-27 18:00 – Updated: 2024-08-06 21:05
Summary
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/CVE-2012-5484"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/Releases/3.1.2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f"
          },
          {
            "name": "RHSA-2013:0188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0188.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc"
          },
          {
            "name": "RHSA-2013:0189",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0189.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-07T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/CVE-2012-5484"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/Releases/3.1.2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f"
        },
        {
          "name": "RHSA-2013:0188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0188.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc"
        },
        {
          "name": "RHSA-2013:0189",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0189.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-5484",
    "datePublished": "2013-01-27T18:00:00",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3636 (GCVE-0-2011-3636)

Vulnerability from cvelistv5 – Published: 2011-12-08 11:00 – Updated: 2024-08-06 23:37
Summary
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://freeipa.org/page/IPAv2_214 x_refsource_CONFIRM

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:48.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeipa.org/page/IPAv2_214"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-12-08T11:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeipa.org/page/IPAv2_214"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3636",
    "datePublished": "2011-12-08T11:00:00Z",
    "dateReserved": "2011-09-21T00:00:00Z",
    "dateUpdated": "2024-08-06T23:37:48.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3274 (GCVE-0-2008-3274)

Vulnerability from cvelistv5 – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:28
Summary
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:28:41.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2008-7987",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html"
          },
          {
            "name": "FEDORA-2008-8003",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html"
          },
          {
            "name": "31111",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31111"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/News"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457835"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/CVE-2008-3274"
          },
          {
            "name": "1020850",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020850"
          },
          {
            "name": "31861",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31861"
          },
          {
            "name": "RHSA-2008:0860",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0860.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/Downloads"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-09-24T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2008-7987",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html"
        },
        {
          "name": "FEDORA-2008-8003",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html"
        },
        {
          "name": "31111",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31111"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/News"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457835"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/CVE-2008-3274"
        },
        {
          "name": "1020850",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020850"
        },
        {
          "name": "31861",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31861"
        },
        {
          "name": "RHSA-2008:0860",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0860.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/Downloads"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3274",
    "datePublished": "2008-09-12T16:00:00",
    "dateReserved": "2008-07-24T00:00:00",
    "dateUpdated": "2024-08-07T09:28:41.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0336 (GCVE-0-2013-0336)

Vulnerability from nvd – Published: 2014-11-03 23:00 – Updated: 2024-08-06 14:25
Summary
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:25:09.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913751"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e"
          },
          {
            "name": "58747",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58747"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/freeipa/ticket/3539"
          },
          {
            "name": "52763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52763"
          },
          {
            "name": "389directoryserver-cve20130336-dos(83132)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83132"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913751"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e"
        },
        {
          "name": "58747",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/58747"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/freeipa/ticket/3539"
        },
        {
          "name": "52763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52763"
        },
        {
          "name": "389directoryserver-cve20130336-dos(83132)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83132"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0336",
    "datePublished": "2014-11-03T23:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:25:09.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0199 (GCVE-0-2013-0199)

Vulnerability from nvd – Published: 2014-05-29 14:00 – Updated: 2024-08-06 14:18
Summary
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "57542",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57542"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/Releases/3.1.2"
          },
          {
            "name": "freeipa-crossrealm-info-disc(81486)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81486"
          },
          {
            "name": "89539",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/89539"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/CVE-2013-0199"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "57542",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57542"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/Releases/3.1.2"
        },
        {
          "name": "freeipa-crossrealm-info-disc(81486)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81486"
        },
        {
          "name": "89539",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/89539"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/CVE-2013-0199"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0199",
    "datePublished": "2014-05-29T14:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5484 (GCVE-0-2012-5484)

Vulnerability from nvd – Published: 2013-01-27 18:00 – Updated: 2024-08-06 21:05
Summary
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/CVE-2012-5484"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/Releases/3.1.2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f"
          },
          {
            "name": "RHSA-2013:0188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0188.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc"
          },
          {
            "name": "RHSA-2013:0189",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0189.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-07T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/CVE-2012-5484"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/Releases/3.1.2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f"
        },
        {
          "name": "RHSA-2013:0188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0188.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc"
        },
        {
          "name": "RHSA-2013:0189",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0189.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-5484",
    "datePublished": "2013-01-27T18:00:00",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3636 (GCVE-0-2011-3636)

Vulnerability from nvd – Published: 2011-12-08 11:00 – Updated: 2024-08-06 23:37
Summary
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://freeipa.org/page/IPAv2_214 x_refsource_CONFIRM

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:48.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeipa.org/page/IPAv2_214"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-12-08T11:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeipa.org/page/IPAv2_214"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3636",
    "datePublished": "2011-12-08T11:00:00Z",
    "dateReserved": "2011-09-21T00:00:00Z",
    "dateUpdated": "2024-08-06T23:37:48.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3274 (GCVE-0-2008-3274)

Vulnerability from nvd – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:28
Summary
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:28:41.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2008-7987",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html"
          },
          {
            "name": "FEDORA-2008-8003",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html"
          },
          {
            "name": "31111",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31111"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/News"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457835"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/CVE-2008-3274"
          },
          {
            "name": "1020850",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020850"
          },
          {
            "name": "31861",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31861"
          },
          {
            "name": "RHSA-2008:0860",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0860.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/Downloads"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-09-24T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2008-7987",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html"
        },
        {
          "name": "FEDORA-2008-8003",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html"
        },
        {
          "name": "31111",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31111"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/News"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457835"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/CVE-2008-3274"
        },
        {
          "name": "1020850",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020850"
        },
        {
          "name": "31861",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31861"
        },
        {
          "name": "RHSA-2008:0860",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0860.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/Downloads"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3274",
    "datePublished": "2008-09-12T16:00:00",
    "dateReserved": "2008-07-24T00:00:00",
    "dateUpdated": "2024-08-07T09:28:41.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}