Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2008-3274
Last Modified 01 Oct 2008 01:35:36
Published 12 Sep 2008 12:56:20
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3274

Summary

The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.

Vulnerable Systems

Application

  • Red Hat Enterprise IPA 1.0.0
  • Red Hat FreeIPA 0.99
  • Red Hat FreeIPA 1.0.0
  • Red Hat FreeIPA 1.1.0


References

CONFIRM - http://www.freeipa.org/page/CVE-2008-3274

FEDORA - FEDORA-2008-8003

FEDORA - FEDORA-2008-7987

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=457835

SECTRACK - 1020850

BID - 31111

CONFIRM - http://www.freeipa.org/page/News

CONFIRM - http://www.freeipa.org/page/Downloads

SECUNIA - 31861

REDHAT - RHSA-2008:0860

CONFIRM - http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git;a=commit;h=9932887f2af38b9701efec27707648c026ec445c


Last Updated: 27 May 2016 10:48:08