Vulnerabilities > CVE-2012-5484 - Cryptographic Issues vulnerability in Redhat Freeipa

CVSS 7.9 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

redhat

CWE-310

nessus

NVD

Published: 2013-01-27

Updated: 2013-02-07

Summary

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Freeipa 2.0.0 Redhat Freeipa 2.0.1 Redhat Freeipa 2.1.0 Redhat Freeipa 2.1.1 Redhat Freeipa 2.1.3 Redhat Freeipa 2.1.4 Redhat Freeipa 2.2.1 Redhat Freeipa 3.0.0 Redhat Freeipa 3.0.1 Redhat Freeipa 3.0.2 Redhat Freeipa 3.1.1	11

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0189.NASL
description	An updated ipa-client package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server
last seen	2020-06-01
modified	2020-06-02
plugin id	63676
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63676
title	RHEL 5 : ipa-client (RHSA-2013:0189)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-1445.NASL
description	Update to upstream 3.1.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-02-04
plugin id	64419
published	2013-02-04
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64419
title	Fedora 18 : freeipa-3.1.2-1.fc18 (2013-1445)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-0188.NASL
description	From Red Hat Security Advisory 2013:0188 : Updated ipa packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server
last seen	2020-06-01
modified	2020-06-02
plugin id	68714
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68714
title	Oracle Linux 6 : ipa (ELSA-2013-0188)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0188.NASL
description	Updated ipa packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server
last seen	2020-06-01
modified	2020-06-02
plugin id	63675
published	2013-01-24
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63675
title	RHEL 6 : ipa (RHSA-2013:0188)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20130123_IPA_CLIENT_ON_SL5_X.NASL
description	A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server
last seen	2020-03-18
modified	2013-01-25
plugin id	64090
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64090
title	Scientific Linux Security Update : ipa-client on SL5.x i386/x86_64 (20130123)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-0189.NASL
description	From Red Hat Security Advisory 2013:0189 : An updated ipa-client package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server
last seen	2020-06-01
modified	2020-06-02
plugin id	68715
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68715
title	Oracle Linux 5 : ipa-client (ELSA-2013-0189)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-2434.NASL
description	Update to upstream 2.2.1 GA. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-02-24
plugin id	64855
published	2013-02-24
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64855
title	Fedora 17 : freeipa-2.2.2-1.fc17 (2013-2434)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-0188.NASL
description	Updated ipa packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server
last seen	2020-06-01
modified	2020-06-02
plugin id	64081
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64081
title	CentOS 6 : ipa (CESA-2013:0188)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20130123_IPA_ON_SL6_X.NASL
description	A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server
last seen	2020-03-18
modified	2013-01-25
plugin id	64091
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64091
title	Scientific Linux Security Update : ipa on SL6.x i386/x86_64 (20130123)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-0189.NASL
description	An updated ipa-client package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server
last seen	2020-06-01
modified	2020-06-02
plugin id	63673
published	2013-01-24
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63673
title	CentOS 5 : ipa-client (CESA-2013:0189)

Redhat

advisories

bugzilla

id	876307
title	CVE-2012-5484 ipa: weakness when initiating join from IPA client can potentially compromise IPA domain

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment ipa-python is earlier than 0:2.2.0-17.el6_3.1
oval oval:com.redhat.rhsa:tst:20130188001
comment ipa-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111533004
AND
comment ipa-client is earlier than 0:2.2.0-17.el6_3.1
oval oval:com.redhat.rhsa:tst:20130188003
comment ipa-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268026

AND

comment ipa-admintools is earlier than 0:2.2.0-17.el6_3.1
oval oval:com.redhat.rhsa:tst:20130188005
comment ipa-admintools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111533010

AND
comment ipa-server is earlier than 0:2.2.0-17.el6_3.1
oval oval:com.redhat.rhsa:tst:20130188007
comment ipa-server is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268018

AND

comment ipa-server-selinux is earlier than 0:2.2.0-17.el6_3.1
oval oval:com.redhat.rhsa:tst:20130188009
comment ipa-server-selinux is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111533006

rhsa

id	RHSA-2013:0188
released	2013-01-23
severity	Important
title	RHSA-2013:0188: ipa security update (Important)

bugzilla

id	876307
title	CVE-2012-5484 ipa: weakness when initiating join from IPA client can potentially compromise IPA domain

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005
comment ipa-client is earlier than 0:2.1.3-5.el5_9.2
oval oval:com.redhat.rhsa:tst:20130189001
comment ipa-client is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130189002

rhsa

id	RHSA-2013:0189
released	2013-01-23
severity	Important
title	RHSA-2013:0189: ipa-client security update (Important)

rpms

ipa-admintools-0:2.2.0-17.el6_3.1
ipa-client-0:2.2.0-17.el6_3.1
ipa-debuginfo-0:2.2.0-17.el6_3.1
ipa-python-0:2.2.0-17.el6_3.1
ipa-server-0:2.2.0-17.el6_3.1
ipa-server-selinux-0:2.2.0-17.el6_3.1
ipa-client-0:2.1.3-5.el5_9.2
ipa-client-debuginfo-0:2.1.3-5.el5_9.2

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References