Rapid7 Vulnerability & Exploit Database

Centos Linux: CVE-2017-2590: Moderate: ipa security and bug fix update (CESA-2017:0388)

Back to Search

Centos Linux: CVE-2017-2590: Moderate: ipa security and bug fix update (CESA-2017:0388)

Severity
6
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:P)
Published
03/02/2017
Created
07/25/2018
Added
03/06/2017
Modified
03/03/2021

Description

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

Solution(s)

  • centos-upgrade-ipa-admintools
  • centos-upgrade-ipa-client
  • centos-upgrade-ipa-client-common
  • centos-upgrade-ipa-common
  • centos-upgrade-ipa-debuginfo
  • centos-upgrade-ipa-python-compat
  • centos-upgrade-ipa-server
  • centos-upgrade-ipa-server-common
  • centos-upgrade-ipa-server-dns
  • centos-upgrade-ipa-server-trust-ad
  • centos-upgrade-python2-ipaclient
  • centos-upgrade-python2-ipalib
  • centos-upgrade-python2-ipaserver

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;