Rapid7 Vulnerability & Exploit Database

RHSA-2011:1533: ipa security and bug fix update




Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large scale Linux and UNIX deployments.

A Cross-Site Request Forgery (CSRF) flaw was found in Red Hat Identity Management. If a remote attacker could trick a user, who was logged into the management web interface, into visiting a specially-crafted URL, the attacker could perform Red Hat Identity Management configuration changes with the privileges of the logged in user. (CVE-2011-3636)

Due to the changes required to fix CVE-2011-3636, client tools will need to be updated for client systems to communicate with updated Red Hat Identity Management servers. New client systems will need to have the updated ipa-client package installed to be enrolled. Already enrolled client systems will need to have the updated certmonger package installed to be able to renew their system certificate. Note that system certificates are valid for two years by default.

Updated ipa-client and certmonger packages for Red Hat Enterprise Linux 6 were released as part of Red Hat Enterprise Linux 6.2. Future updates will provide updated packages for Red Hat Enterprise Linux 5.

This update includes several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.2 Technical Notes for information on the most significant of these changes, linked to in the References section.

Users of Red Hat Identity Management should upgrade to these updated packages, which correct these issues.


  • redhat-upgrade-ipa-admintools
  • redhat-upgrade-ipa-client
  • redhat-upgrade-ipa-debuginfo
  • redhat-upgrade-ipa-python
  • redhat-upgrade-ipa-server
  • redhat-upgrade-ipa-server-selinux
