Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-2590

Опубликовано: 27 фев. 2017
Источник: redhat
CVSS3: 8.1

Описание

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

It was found that IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ipaNot affected
Red Hat Enterprise Linux 7ipaFixedRHSA-2017:038802.03.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-732
https://bugzilla.redhat.com/show_bug.cgi?id=1413137ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-2590

CVSS3: 8.1
ubuntu
больше 7 лет назад

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

nvd логотип

CVE-2017-2590

CVSS3: 8.1
nvd
больше 7 лет назад

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

debian логотип

CVE-2017-2590

CVSS3: 8.1
debian
больше 7 лет назад

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, ...

github логотип

GHSA-7gp5-3wrx-x8j6

CVSS3: 8.1
github
больше 3 лет назад

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

oracle-oval логотип

ELSA-2017-0388

oracle-oval
почти 9 лет назад

ELSA-2017-0388: ipa security and bug fix update (MODERATE)

8.1 High

CVSS3