CVE-2019-14867

Опубликовано: 27 нояб. 2019

Источник: ubuntu

Приоритет: medium

CVSS2: 6.8

CVSS3: 8.8

Описание

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	not-affected	4.9.8-1
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needed
esm-apps/focal	needed
esm-apps/jammy	needed
esm-apps/noble	not-affected	4.9.8-1
esm-apps/xenial	needed
esm-infra-legacy/trusty	needed

Показывать по

Ссылки на источники

6.8 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVE-2019-14867

CVSS3: 8.8

redhat

больше 6 лет назад

CVE-2019-14867

CVSS3: 8.8

nvd

около 6 лет назад

CVE-2019-14867

CVSS3: 8.8

debian

около 6 лет назад

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...

GHSA-7hpj-hfcr-5qwm

CVSS3: 8.8

github

около 4 лет назад

Code injection in FreeIPA

ELSA-2020-0378

oracle-oval

около 6 лет назад

ELSA-2020-0378: ipa security and bug fix update (IMPORTANT)

6.8 Medium

CVSS2

8.8 High

CVSS3

CVE-2019-14867

Описание

Пакет freeipa

Ссылки на источники

Связанные уязвимости