CVE-2016-5404
CVSS Score: Low
Vulnerability Description
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
Known Affected Software
6 configuration(s) from 3 vendor(s):
- Vendor: fedoraproject; Product: fedora; Version: 25; CPE: cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
- Vendor: fedoraproject; Product: fedora; Version: 23; CPE: cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- Vendor: fedoraproject; Product: fedora; Version: 24; CPE: cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- Vendor: freeipa; Product: freeipa; Version: - (unspecified); CPE: cpe:2.3:a:freeipa:freeipa:-:*:*:*:*:*:*:*
- Vendor: oracle; Product: linux; Version: 7 (update 8); CPE: cpe:2.3:o:oracle:linux:7:8:*:*:*:*:*:*
- Vendor: oracle; Product: linux; Version: 6 (update 10); CPE: cpe:2.3:o:oracle:linux:6:10:*:*:*:*:*:*
This vulnerability affects 6 software configuration(s). Ensure you patch all affected systems.
References & Resources
(Reference source: secalert@redhat.com)
- http://rhn.redhat.com/errata/RHSA-2016-1797.html
- http://www.openwall.com/lists/oss-security/2016/08/17/9 (Mailing List, Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html (Third Party Advisory)
- http://www.securityfocus.com/bid/92525 (Third Party Advisory, VDB Entry)
- https://fedorahosted.org/freeipa/ticket/6232 (Issue Tracking)
- https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd (Issue Tracking, Patch)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/
Severity Details
- Score: out of 10.0
- Severity: Low
Weakness Type (CWE)
CWE-284
Improper Access Control
- Description: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- Typical Severity: Medium
- Abstraction Level: Pillar
Key Information
- Published Date: September 07, 2016
