A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2017-0388.html | Third Party Advisory |
http://www.securityfocus.com/bid/96557 | Third Party Advisory, VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590 | Issue Tracking, Patch |
History
21 Nov 2024, 03:23
Type | Values Removed | Values Added |
---|---|---|
References | http://rhn.redhat.com/errata/RHSA-2017-0388.html - Third Party Advisory | |
References | http://www.securityfocus.com/bid/96557 - Third Party Advisory, VDB Entry | |
References | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590 - Issue Tracking, Patch | |
Information
Published : 2018-07-27 18:29
Updated : 2024-11-21 03:23
NVD link : CVE-2017-2590
Mitre link : CVE-2017-2590
CVE.ORG link : CVE-2017-2590
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux_server_eus
- enterprise_linux
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_workstation
freeipa
- freeipa