CVE-2016-5404

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
freeipafreeipa
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freeipa
bookworm
4.9.11-1
fixed
sid
4.11.1-2.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freeipa
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
precise
ignored
trusty
not-affected
xenial
Fixed 4.3.1-0ubuntu1+esm1
released
yakkety
ignored
zesty
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
ipa-admintools
RHEL 6
0:3.0.0-50.el6_8.2
fixed
RHEL 7
0:4.2.0-15.el7_2.19
fixed
ipa-client
RHEL 6
0:3.0.0-50.el6_8.2
fixed
RHEL 7
0:4.2.0-15.el7_2.19
fixed
ipa-python
RHEL 6
0:3.0.0-50.el6_8.2
fixed
RHEL 7
0:4.2.0-15.el7_2.19
fixed
ipa-server
RHEL 6
0:3.0.0-50.el6_8.2
fixed
RHEL 7
0:4.2.0-15.el7_2.19
fixed
ipa-server-dns
RHEL 7
0:4.2.0-15.el7_2.19
fixed
ipa-server-selinux
RHEL 6
0:3.0.0-50.el6_8.2
fixed
ipa-server-trust-ad
RHEL 6
0:3.0.0-50.el6_8.2
fixed
RHEL 7
0:4.2.0-15.el7_2.19
fixed
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-1797.html
http://www.openwall.com/lists/oss-security/2016/08/17/9
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/92525
https://fedorahosted.org/freeipa/ticket/6232
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/
http://rhn.redhat.com/errata/RHSA-2016-1797.html
http://www.openwall.com/lists/oss-security/2016/08/17/9
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/92525
https://fedorahosted.org/freeipa/ticket/6232
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/