ID CVE-2012-4546
Summary The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat via4
advisories
bugzilla
id 905594
title Unable to install ipa-server-trust-ad pkg on 32-bit platform
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment ipa-admintools is earlier than 0:3.0.0-25.el6
        oval oval:com.redhat.rhsa:tst:20130528007
      • comment ipa-admintools is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111533006
    • AND
      • comment ipa-client is earlier than 0:3.0.0-25.el6
        oval oval:com.redhat.rhsa:tst:20130528005
      • comment ipa-client is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111533010
    • AND
      • comment ipa-python is earlier than 0:3.0.0-25.el6
        oval oval:com.redhat.rhsa:tst:20130528009
      • comment ipa-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111533008
    • AND
      • comment ipa-server is earlier than 0:3.0.0-25.el6
        oval oval:com.redhat.rhsa:tst:20130528011
      • comment ipa-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111533012
    • AND
      • comment ipa-server-selinux is earlier than 0:3.0.0-25.el6
        oval oval:com.redhat.rhsa:tst:20130528013
      • comment ipa-server-selinux is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111533014
    • AND
      • comment ipa-server-trust-ad is earlier than 0:3.0.0-25.el6
        oval oval:com.redhat.rhsa:tst:20130528015
      • comment ipa-server-trust-ad is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20130528016
rhsa
id RHSA-2013:0528
released 2013-02-21
severity Low
title RHSA-2013:0528: ipa security, bug fix and enhancement update (Low)
rpms
  • ipa-admintools-0:3.0.0-25.el6
  • ipa-client-0:3.0.0-25.el6
  • ipa-python-0:3.0.0-25.el6
  • ipa-server-0:3.0.0-25.el6
  • ipa-server-selinux-0:3.0.0-25.el6
  • ipa-server-trust-ad-0:3.0.0-25.el6
refmap via4
Last major update 22-04-2019 - 17:48
Published 03-04-2013 - 00:55