Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.9
CVE Id CVE-2012-5484
Last Modified 07 Feb 2013 12:01:23
Published 27 Jan 2013 01:55:02
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5484

Summary

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.

Vulnerable Systems

Application

  • Redhat Freeipa 2.0.0

  • Redhat Freeipa 2.0.1

  • Redhat Freeipa 2.1.0

  • Redhat Freeipa 2.1.1

  • Redhat Freeipa 2.1.3

  • Redhat Freeipa 2.1.4

  • Redhat Freeipa 2.2.1

  • Redhat Freeipa 3.0.0

  • Redhat Freeipa 3.0.1

  • Redhat Freeipa 3.0.2

  • Redhat Freeipa 3.1.1


References

CONFIRM - http://www.freeipa.org/page/Releases/3.1.2

CONFIRM - http://www.freeipa.org/page/CVE-2012-5484

CONFIRM - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc

CONFIRM - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9

CONFIRM - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4

CONFIRM - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa

CONFIRM - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f

REDHAT - RHSA-2013:0189

REDHAT - RHSA-2013:0188

Related Patches

Red Hat 2013:0189-01 RHSA Important: ipa-client security update for RHEL 5 x86


Last Updated: 27 May 2016 11:01:44