[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2013-0188 -- Oracle ipa

ID: oval:org.secpod.oval:def:1500054Date: (C)2013-03-20   (M)2023-12-07
Class: PATCHFamily: unix




Updated ipa packages that fix one security issue are now available forRed Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from theCVE link in the References section. Red Hat Identity Management is a centralized authentication, identitymanagement and authorization solution for both traditional and cloud-basedenterprise environments.A weakness was found in the way IPA clients communicated with IPA serverswhen initially attempting to join IPA domains. As there was no secure wayto provide the IPA server's Certificate Authority certificate to theclient during a join, the IPA client enrollment process was susceptible toman-in-the-middle attacks. This flaw could allow an attacker to obtainaccess to the IPA server using the credentials provided by an IPA client,including administrative access to the entire domain if the join wasperformed using an administrator's credentials. Note: This weakness was only exposed during the initial client join to therealm, because the IPA client did not yet have the CA certificate of theserver. Once an IPA client has joined the realm and has obtained the CAcertificate of the IPA server, all further communication is secure. If aclient were using the OTP method to join to the realm,an attacker could only obtain unprivileged access to the server .Red Hat would like to thank Petr Menšík for reporting this issue.This update must be installed on both the IPA client and IPA server. Whenthis update has been applied to the client but not the server,ipa-client-install, in unattended mode, will fail if you do not have thecorrect CA certificate locally, noting that you must use the "--force"option to insecurely obtain the certificate. In interactive mode, thecertificate will try to be obtained securely from LDAP. If this fails, youwill be prompted to insecurely download the certificate via HTTP. In thesame situation when using OTP, LDAP will not be queried and you will beprompted to insecurely download the certificate via HTTP.Users of ipa are advised to upgrade to these updated packages, whichcorrect this issue. After installing the update, changes in LDAP arehandled by ipa-ldap-updater automatically and are effective immediately.

Platform:
Oracle Linux 6
Product:
ipa
Reference:
ELSA-2013-0188
CVE-2012-5484
CVE    1
CVE-2012-5484
CPE    2
cpe:/a:redhat:ipa
cpe:/o:oracle:linux:6

© SecPod Technologies