Overview
CVE Id | CVE-2012-5484 |
Last Modified | 07 Feb 2013 12:01:23 |
Published | 27 Jan 2013 01:55:02 |
Access Vector | ADJACENT_NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |

CVE-2012-5484
Summary
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
Vulnerable Systems
Application
Red Hat FreeIPA 2.0.0
Red Hat FreeIPA 2.0.1
Red Hat FreeIPA 2.1.0
Red Hat FreeIPA 2.1.1
Red Hat FreeIPA 2.1.3
Red Hat FreeIPA 2.1.4
Red Hat FreeIPA 2.2.1
Red Hat FreeIPA 3.0.0
Red Hat FreeIPA 3.0.1
Red Hat FreeIPA 3.0.2
Red Hat FreeIPA 3.1.1
References
CONFIRM - http://www.freeipa.org/page/Releases/3.1.2
CONFIRM - http://www.freeipa.org/page/CVE-2012-5484
CONFIRM - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc
CONFIRM - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9
CONFIRM - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4
CONFIRM - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa
CONFIRM - http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f
REDHAT - RHSA-2013:0189
REDHAT - RHSA-2013:0188
Related Patches
Red Hat 2013:0189-01 RHSA Important: ipa-client security update for RHEL 5 x86
Last Updated: 27 May 2016 11:01:44