vulnerability
Oracle Linux: CVE-2016-5404: ELSA-2016-1797: ipa security update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | Aug 17, 2016 | Sep 1, 2016 | Dec 3, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published
Aug 17, 2016
Added
Sep 1, 2016
Modified
Dec 3, 2025
Description
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack.
An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack.
Solutions
oracle-linux-upgrade-ipa-admintoolsoracle-linux-upgrade-ipa-clientoracle-linux-upgrade-ipa-pythonoracle-linux-upgrade-ipa-serveroracle-linux-upgrade-ipa-server-dnsoracle-linux-upgrade-ipa-server-selinuxoracle-linux-upgrade-ipa-server-trust-ad
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.