pysec-2013-38
Vulnerability from pysec
Published
2013-01-27 18:55
Modified
2024-11-21 14:22
Details
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ipa",
"purl": "pkg:pypi/ipa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "91f4af7e6af53e1c6bf17ed36cb2161863eddae4"
},
{
"fixed": "18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f"
},
{
"fixed": "a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9"
},
{
"fixed": "31e41eea6c2322689826e6065ceba82551c565aa"
},
{
"fixed": "a40285c5a0288669b72f9d991508d4405885bffc"
}
],
"repo": "https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.10.2",
"4.12.2",
"4.4.0.dev1",
"4.5.0",
"4.5.2",
"4.5.4",
"4.6.2",
"4.6.3",
"4.6.4",
"4.6.5",
"4.6.7",
"4.7.0",
"4.7.1",
"4.7.2",
"4.7.4",
"4.7.5",
"4.8.0",
"4.8.0rc1",
"4.8.1",
"4.8.2",
"4.8.3",
"4.8.5",
"4.8.6",
"4.8.7",
"4.8.9",
"4.9.12"
]
}
],
"aliases": [
"CVE-2012-5484"
],
"details": "The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.",
"id": "PYSEC-2013-38",
"modified": "2024-11-21T14:22:51.898526Z",
"published": "2013-01-27T18:55:00Z",
"references": [
{
"type": "ADVISORY",
"url": "http://www.freeipa.org/page/CVE-2012-5484"
},
{
"type": "WEB",
"url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4"
},
{
"type": "WEB",
"url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f"
},
{
"type": "WEB",
"url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9"
},
{
"type": "WEB",
"url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa"
},
{
"type": "WEB",
"url": "http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc"
},
{
"type": "WEB",
"url": "http://www.freeipa.org/page/Releases/3.1.2"
},
{
"type": "ADVISORY",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0188.html"
},
{
"type": "ADVISORY",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0189.html"
}
],
"withdrawn": "2024-11-22T04:37:04Z"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.