Rapid7 Vulnerability & Exploit Database

RHSA-2008:0860: ipa security update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 09/12/2008
Created: 07/25/2018
Added: 02/22/2009
Modified: 07/04/2017

Description

Updated ipa packages that fix a security flaw are now available for Red Hat Enterprise IPA. This update has been rated as having important security impact by the Red Hat Security Response Team.

Red Hat Enterprise IPA is an integrated solution to provide centrally-managed Identity (machines, users, virtual machines, groups, authentication credentials), Policy (configuration settings, access control information) and Audit (events, logs, analysis) services.

A flaw was found in the Red Hat Enterprise IPA installation procedure. The master Kerberos password was set up in the LDAP server in such a way that it was possible to retrieve the password via an anonymous LDAP connection. (CVE-2008-3274)

Note: the master Kerberos password is used to encrypt keys. This flaw does not lead to individual keys being exposed.

Users of Red Hat IPA should upgrade to these updated packages and perform the operations explained in the solution to resolve this issue.

Solution(s)

  • redhat-upgrade-ipa-admintools
  • redhat-upgrade-ipa-client
  • redhat-upgrade-ipa-python
  • redhat-upgrade-ipa-server
  • redhat-upgrade-ipa-server-selinux
