Vulnerabilities > CVE-2012-4546 - Configuration vulnerability in Redhat Enterprise Linux 6.0

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
redhat
CWE-16
nessus

Summary

The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate.

Vulnerable Configurations

Part Description Count
OS
Redhat
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130221_IPA_ON_SL6_X.NASL
    descriptionIt was found that the current default configuration of IPA servers did not publish correct CRLs (Certificate Revocation Lists). The default configuration specifies that every replica is to generate its own CRL; however, this can result in inconsistencies in the CRL contents provided to clients from different Identity Management replicas. More specifically, if a certificate is revoked on one Identity Management replica, it will not show up on another Identity Management replica. (CVE-2012-4546)
    last seen2020-03-18
    modified2013-03-05
    plugin id65012
    published2013-03-05
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65012
    titleScientific Linux Security Update : ipa on SL6.x i386/x86_64 (20130221)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(65012);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");
    
      script_cve_id("CVE-2012-4546");
    
      script_name(english:"Scientific Linux Security Update : ipa on SL6.x i386/x86_64 (20130221)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was found that the current default configuration of IPA servers did
    not publish correct CRLs (Certificate Revocation Lists). The default
    configuration specifies that every replica is to generate its own CRL;
    however, this can result in inconsistencies in the CRL contents
    provided to clients from different Identity Management replicas. More
    specifically, if a certificate is revoked on one Identity Management
    replica, it will not show up on another Identity Management replica.
    (CVE-2012-4546)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=1062
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?30836ec8"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-admintools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-server-selinux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-server-trust-ad");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"ipa-admintools-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ipa-client-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ipa-debuginfo-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ipa-python-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ipa-server-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ipa-server-selinux-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ipa-server-trust-ad-3.0.0-25.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipa-admintools / ipa-client / ipa-debuginfo / ipa-python / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0528.NASL
    descriptionUpdated ipa packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large-scale Linux and UNIX deployments. It was found that the current default configuration of IPA servers did not publish correct CRLs (Certificate Revocation Lists). The default configuration specifies that every replica is to generate its own CRL; however, this can result in inconsistencies in the CRL contents provided to clients from different Identity Management replicas. More specifically, if a certificate is revoked on one Identity Management replica, it will not show up on another Identity Management replica. (CVE-2012-4546) These updated ipa packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. Users are advised to upgrade to these updated ipa packages, which fix these issues and add these enhancements.
    last seen2020-06-01
    modified2020-06-02
    plugin id65157
    published2013-03-10
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65157
    titleCentOS 6 : ipa (CESA-2013:0528)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:0528 and 
    # CentOS Errata and Security Advisory 2013:0528 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(65157);
      script_version("1.8");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2012-4546");
      script_bugtraq_id(58083);
      script_xref(name:"RHSA", value:"2013:0528");
    
      script_name(english:"CentOS 6 : ipa (CESA-2013:0528)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ipa packages that fix one security issue, several bugs, and
    add various enhancements are now available for Red Hat Enterprise
    Linux 6.
    
    The Red Hat Security Response Team has rated this update as having low
    security impact. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available from the
    CVE link in the References section.
    
    Red Hat Identity Management is a centralized authentication, identity
    management and authorization solution for both traditional and
    cloud-based enterprise environments. It integrates components of the
    Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System,
    NTP, and DNS. It provides web browser and command-line interfaces. Its
    administration tools allow an administrator to quickly install, set
    up, and administer a group of domain controllers to meet the
    authentication and identity management requirements of large-scale
    Linux and UNIX deployments.
    
    It was found that the current default configuration of IPA servers did
    not publish correct CRLs (Certificate Revocation Lists). The default
    configuration specifies that every replica is to generate its own CRL;
    however, this can result in inconsistencies in the CRL contents
    provided to clients from different Identity Management replicas. More
    specifically, if a certificate is revoked on one Identity Management
    replica, it will not show up on another Identity Management replica.
    (CVE-2012-4546)
    
    These updated ipa packages also include numerous bug fixes and
    enhancements. Space precludes documenting all of these changes in this
    advisory. Users are directed to the Red Hat Enterprise Linux 6.4
    Technical Notes, linked to in the References, for information on the
    most significant of these changes.
    
    Users are advised to upgrade to these updated ipa packages, which fix
    these issues and add these enhancements."
      );
      # https://lists.centos.org/pipermail/centos-announce/2013-March/019353.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?363031de"
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000542.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7eb641fe"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ipa packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4546");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipa-admintools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipa-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipa-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipa-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipa-server-selinux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipa-server-trust-ad");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"ipa-admintools-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"ipa-client-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"ipa-python-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"ipa-server-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"ipa-server-selinux-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"ipa-server-trust-ad-3.0.0-25.el6")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipa-admintools / ipa-client / ipa-python / ipa-server / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-1445.NASL
    descriptionUpdate to upstream 3.1.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-02-04
    plugin id64419
    published2013-02-04
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64419
    titleFedora 18 : freeipa-3.1.2-1.fc18 (2013-1445)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-1445.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64419);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-4546", "CVE-2012-5484", "CVE-2013-0199");
      script_xref(name:"FEDORA", value:"2013-1445");
    
      script_name(english:"Fedora 18 : freeipa-3.1.2-1.fc18 (2013-1445)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to upstream 3.1.2
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=870234"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=876307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=901864"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098075.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7851a1df"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected freeipa package."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:freeipa");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC18", reference:"freeipa-3.1.2-1.fc18")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeipa");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0528.NASL
    descriptionUpdated ipa packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large-scale Linux and UNIX deployments. It was found that the current default configuration of IPA servers did not publish correct CRLs (Certificate Revocation Lists). The default configuration specifies that every replica is to generate its own CRL; however, this can result in inconsistencies in the CRL contents provided to clients from different Identity Management replicas. More specifically, if a certificate is revoked on one Identity Management replica, it will not show up on another Identity Management replica. (CVE-2012-4546) These updated ipa packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. Users are advised to upgrade to these updated ipa packages, which fix these issues and add these enhancements.
    last seen2020-06-01
    modified2020-06-02
    plugin id64773
    published2013-02-21
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64773
    titleRHEL 6 : ipa (RHSA-2013:0528)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:0528. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64773);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/24 15:35:36");
    
      script_cve_id("CVE-2012-4546");
      script_xref(name:"RHSA", value:"2013:0528");
    
      script_name(english:"RHEL 6 : ipa (RHSA-2013:0528)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ipa packages that fix one security issue, several bugs, and
    add various enhancements are now available for Red Hat Enterprise
    Linux 6.
    
    The Red Hat Security Response Team has rated this update as having low
    security impact. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available from the
    CVE link in the References section.
    
    Red Hat Identity Management is a centralized authentication, identity
    management and authorization solution for both traditional and
    cloud-based enterprise environments. It integrates components of the
    Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System,
    NTP, and DNS. It provides web browser and command-line interfaces. Its
    administration tools allow an administrator to quickly install, set
    up, and administer a group of domain controllers to meet the
    authentication and identity management requirements of large-scale
    Linux and UNIX deployments.
    
    It was found that the current default configuration of IPA servers did
    not publish correct CRLs (Certificate Revocation Lists). The default
    configuration specifies that every replica is to generate its own CRL;
    however, this can result in inconsistencies in the CRL contents
    provided to clients from different Identity Management replicas. More
    specifically, if a certificate is revoked on one Identity Management
    replica, it will not show up on another Identity Management replica.
    (CVE-2012-4546)
    
    These updated ipa packages also include numerous bug fixes and
    enhancements. Space precludes documenting all of these changes in this
    advisory. Users are directed to the Red Hat Enterprise Linux 6.4
    Technical Notes, linked to in the References, for information on the
    most significant of these changes.
    
    Users are advised to upgrade to these updated ipa packages, which fix
    these issues and add these enhancements."
      );
      # https://access.redhat.com/knowledge/solutions/295843
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/solutions/295843"
      );
      # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b5caa05f"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:0528"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-4546"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-admintools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server-selinux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:0528";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ipa-admintools-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ipa-admintools-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ipa-admintools-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ipa-client-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ipa-client-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ipa-client-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ipa-debuginfo-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ipa-debuginfo-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ipa-debuginfo-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ipa-python-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ipa-python-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ipa-python-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ipa-server-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ipa-server-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ipa-server-selinux-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ipa-server-selinux-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ipa-server-trust-ad-3.0.0-25.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ipa-server-trust-ad-3.0.0-25.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipa-admintools / ipa-client / ipa-debuginfo / ipa-python / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0528.NASL
    descriptionFrom Red Hat Security Advisory 2013:0528 : Updated ipa packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large-scale Linux and UNIX deployments. It was found that the current default configuration of IPA servers did not publish correct CRLs (Certificate Revocation Lists). The default configuration specifies that every replica is to generate its own CRL; however, this can result in inconsistencies in the CRL contents provided to clients from different Identity Management replicas. More specifically, if a certificate is revoked on one Identity Management replica, it will not show up on another Identity Management replica. (CVE-2012-4546) These updated ipa packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. Users are advised to upgrade to these updated ipa packages, which fix these issues and add these enhancements.
    last seen2020-06-01
    modified2020-06-02
    plugin id68762
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68762
    titleOracle Linux 6 : ipa (ELSA-2013-0528)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:0528 and 
    # Oracle Linux Security Advisory ELSA-2013-0528 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68762);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/30 10:58:18");
    
      script_cve_id("CVE-2012-4546");
      script_bugtraq_id(56919, 57529);
      script_xref(name:"RHSA", value:"2013:0528");
    
      script_name(english:"Oracle Linux 6 : ipa (ELSA-2013-0528)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2013:0528 :
    
    Updated ipa packages that fix one security issue, several bugs, and
    add various enhancements are now available for Red Hat Enterprise
    Linux 6.
    
    The Red Hat Security Response Team has rated this update as having low
    security impact. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available from the
    CVE link in the References section.
    
    Red Hat Identity Management is a centralized authentication, identity
    management and authorization solution for both traditional and
    cloud-based enterprise environments. It integrates components of the
    Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System,
    NTP, and DNS. It provides web browser and command-line interfaces. Its
    administration tools allow an administrator to quickly install, set
    up, and administer a group of domain controllers to meet the
    authentication and identity management requirements of large-scale
    Linux and UNIX deployments.
    
    It was found that the current default configuration of IPA servers did
    not publish correct CRLs (Certificate Revocation Lists). The default
    configuration specifies that every replica is to generate its own CRL;
    however, this can result in inconsistencies in the CRL contents
    provided to clients from different Identity Management replicas. More
    specifically, if a certificate is revoked on one Identity Management
    replica, it will not show up on another Identity Management replica.
    (CVE-2012-4546)
    
    These updated ipa packages also include numerous bug fixes and
    enhancements. Space precludes documenting all of these changes in this
    advisory. Users are directed to the Red Hat Enterprise Linux 6.4
    Technical Notes, linked to in the References, for information on the
    most significant of these changes.
    
    Users are advised to upgrade to these updated ipa packages, which fix
    these issues and add these enhancements."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-February/003303.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ipa packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-admintools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-server-selinux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-server-trust-ad");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"ipa-admintools-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"ipa-client-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"ipa-python-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"ipa-server-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"ipa-server-selinux-3.0.0-25.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"ipa-server-trust-ad-3.0.0-25.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipa-admintools / ipa-client / ipa-python / ipa-server / etc");
    }
    

Redhat

advisories
bugzilla
id905594
titleUnable to install ipa-server-trust-ad pkg on 32-bit platform
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentipa-server is earlier than 0:3.0.0-25.el6
          ovaloval:com.redhat.rhsa:tst:20130528001
        • commentipa-server is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20194268018
      • AND
        • commentipa-admintools is earlier than 0:3.0.0-25.el6
          ovaloval:com.redhat.rhsa:tst:20130528003
        • commentipa-admintools is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111533010
      • AND
        • commentipa-server-trust-ad is earlier than 0:3.0.0-25.el6
          ovaloval:com.redhat.rhsa:tst:20130528005
        • commentipa-server-trust-ad is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20194268016
      • AND
        • commentipa-server-selinux is earlier than 0:3.0.0-25.el6
          ovaloval:com.redhat.rhsa:tst:20130528007
        • commentipa-server-selinux is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111533006
      • AND
        • commentipa-python is earlier than 0:3.0.0-25.el6
          ovaloval:com.redhat.rhsa:tst:20130528009
        • commentipa-python is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111533004
      • AND
        • commentipa-client is earlier than 0:3.0.0-25.el6
          ovaloval:com.redhat.rhsa:tst:20130528011
        • commentipa-client is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20194268026
rhsa
idRHSA-2013:0528
released2013-02-21
severityLow
titleRHSA-2013:0528: ipa security, bug fix and enhancement update (Low)
rpms
  • ipa-admintools-0:3.0.0-25.el6
  • ipa-client-0:3.0.0-25.el6
  • ipa-debuginfo-0:3.0.0-25.el6
  • ipa-python-0:3.0.0-25.el6
  • ipa-server-0:3.0.0-25.el6
  • ipa-server-selinux-0:3.0.0-25.el6
  • ipa-server-trust-ad-0:3.0.0-25.el6