CVE-2017-2590

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs, causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

Configurations

Configuration 1

cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*

Configuration 2

OR
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:23

Type | Values Removed | Values Added
References | http://rhn.redhat.com/errata/RHSA-2017-0388.html - Third Party Advisory | http://rhn.redhat.com/errata/RHSA-2017-0388.html - Third Party Advisory
References | http://www.securityfocus.com/bid/96557 - Third Party Advisory, VDB Entry | http://www.securityfocus.com/bid/96557 - Third Party Advisory, VDB Entry
References | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590 - Issue Tracking, Patch | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590 - Issue Tracking, Patch

Information

Published : 2018-07-27 18:29

Updated : 2024-11-21 03:23


NVD link : CVE-2017-2590

Mitre link : CVE-2017-2590

CVE.ORG link : CVE-2017-2590



Products Affected

redhat

  • enterprise_linux_server
  • enterprise_linux_server_eus
  • enterprise_linux
  • enterprise_linux_desktop
  • enterprise_linux_server_aus
  • enterprise_linux_workstation

freeipa

  • freeipa

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-275

Permission Issues