CVE-2024-1481

Published: 10 Apr 2024
Source: debian
EPSS: Low

Description

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| freeipa | fixed | 4.12.2-1 | | package |
| freeipa | ignored | | bookworm | package |

Notes

  • https://bugzilla.redhat.com/show_bug.cgi?id=2262169

  • https://pagure.io/freeipa/issue/9541

  • Fixed by: https://pagure.io/freeipa/c/404fe1018e08e546fd14c83741e00b900c1cd208 (release-4-12-0)

  • Fixed by: https://pagure.io/freeipa/c/33af154b7f2c92e199d10a36a48310da9b7e77a8 (release-4-12-0)

  • ipa-4.10: https://pagure.io/freeipa/c/921661fd460799da69043e06e058cff75a64ce3c

  • ipa-4.10: https://pagure.io/freeipa/c/204011dc0514681511275a4b70a13bfa85c1a538

  • ipa-4.9: https://pagure.io/freeipa/c/b039f3087a13de3f34b230dbe29a7cfb1965700d

  • ipa-4.9: https://pagure.io/freeipa/c/96a478bbedd49c31e0f078f00f2d1cb55bb952fd

  • For buster (and most likely later versions) the vulnerable rpcserver.py code is not part of the provided binary packages. The kinit.py file is however and it is not entirely clear whether this may be used in a vulnerable way when the client is used for authentication purposes.

  • FreeIPA in Debian only builds the client packages, not the server

EPSS

Percentile: 48%
0.00246
Low

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 1 year ago

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

CVSS3: 5.3
redhat
more than 1 year ago

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

CVSS3: 5.3
nvd
more than 1 year ago

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

CVSS3: 5.3
github
more than 1 year ago

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

oracle-oval
about 1 year ago

ELSA-2024-3044: idm:DL1 security update (MODERATE)
