Input validation error in FreeIPA
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-2590 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
FreeIPA Other software / Other software solutions |
| Vendor | freeipa.org |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Input validation error
EUVDB-ID: #VU36812
Risk: High
CVSSv4.0: 5.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-2590
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to #BASIC_IMPACT#.
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.
MitigationInstall update from vendor's website.
Vulnerable software versionsFreeIPA: 4.0.0 - 4.3.3
CPE2.3- cpe:2.3:a:freeipa_org:freeipa:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:freeipa_org:freeipa:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:freeipa_org:freeipa:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:freeipa_org:freeipa:4.3.3:*:*:*:*:*:*:*
https://rhn.redhat.com/errata/RHSA-2017-0388.html
https://www.securityfocus.com/bid/96557
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
