CVE-2016-5404

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2016-1797.html
http://www.openwall.com/lists/oss-security/2016/08/17/9	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Third Party Advisory
http://www.securityfocus.com/bid/92525	Third Party Advisory VDB Entry
https://fedorahosted.org/freeipa/ticket/6232	Issue Tracking
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd	Issue Tracking Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/

Configurations

Configuration 1 (hide)

cpe:2.3:a:freeipa:freeipa:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:oracle:linux:6:::::::*
	cpe:2.3:o:oracle:linux:7:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:23:::::::*
	cpe:2.3:o:fedoraproject:fedora:24:::::::*
	cpe:2.3:o:fedoraproject:fedora:25:::::::*

History

12 Feb 2023, 23:24

Type	Values Removed	Values Added
Summary	An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack.	The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
References	~~{'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1351593', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1351593', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/security/cve/CVE-2016-5404', 'name': 'https://access.redhat.com/security/cve/CVE-2016-5404', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2016:1797', 'name': 'https://access.redhat.com/errata/RHSA-2016:1797', 'tags': [], 'refsource': 'MISC'}~~

02 Feb 2023, 15:17

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/', 'name': 'FEDORA-2016-f56c765d67', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/', 'name': 'FEDORA-2016-7898627d08', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/', 'name': 'FEDORA-2016-92a3655b70', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1351593 - (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/ - (MISC) https://access.redhat.com/security/cve/CVE-2016-5404 - (MISC) https://access.redhat.com/errata/RHSA-2016:1797 - (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/ -
Summary	The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.	An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack.

Information

Published : 2016-09-07 20:59

Updated : 2023-12-10 11:46

NVD link : CVE-2016-5404

Mitre link : CVE-2016-5404

CVE.ORG link : CVE-2016-5404

JSON object : View

Products Affected

fedoraproject

fedora

oracle

linux

freeipa

freeipa

CWE

CWE-284

Improper Access Control

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2016-5404

6.5^/10

4.0^/10

Attach tags to `CVE-2016-5404`