Home

CVE-2017-2590

Description

A vulnerability was found in ipa before 4.4. IdMs ca-del, ca-disable, and ca-enable commands did not properly check the users permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Exploitation Probability
0.177

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2017:0388) Moderate: ipa security and bug fix update ipa-client-4.4.0-14.el7_3.6.x86_64.rpmLinux
(RHSA-2017:0388) Moderate: ipa security and bug fix update ipa-client-common-4.4.0-14.el7_3.6.noarch.rpmLinux
(RHSA-2017:0388) Moderate: ipa security and bug fix update ipa-common-4.4.0-14.el7_3.6.noarch.rpmLinux
(RHSA-2017:0388) Moderate: ipa security and bug fix update ipa-python-compat-4.4.0-14.el7_3.6.noarch.rpmLinux
(RHSA-2017:0388) Moderate: ipa security and bug fix update ipa-server-4.4.0-14.el7_3.6.x86_64.rpmLinux
(RHSA-2017:0388) Moderate: ipa security and bug fix update ipa-server-common-4.4.0-14.el7_3.6.noarch.rpmLinux
(RHSA-2017:0388) Moderate: ipa security and bug fix update ipa-server-dns-4.4.0-14.el7_3.6.noarch.rpmLinux
(RHSA-2017:0388) Moderate: ipa security and bug fix update ipa-server-trust-ad-4.4.0-14.el7_3.6.x86_64.rpmLinux
(RHSA-2017:0388) Moderate: ipa security and bug fix update python2-ipaclient-4.4.0-14.el7_3.6.noarch.rpmLinux
(RHSA-2017:0388) Moderate: ipa security and bug fix update python2-ipalib-4.4.0-14.el7_3.6.noarch.rpmLinux
(RHSA-2017:0388) Moderate: ipa security and bug fix update python2-ipaserver-4.4.0-14.el7_3.6.noarch.rpmLinux
Bind-dyndb-ldap update (ELSA-2024-3044) bind-dyndb-ldap-11.6-4.module+el8.9.0+90094+20819f5a.x86_64.rpmLinux
Custodia update (ELSA-2024-3044) custodia-0.6.0-3.module+el8.9.0+90094+20819f5a.noarch.rpmLinux
Ipa-client update (ELSA-2024-3044) ipa-client-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpmLinux
Ipa-client update (ELSA-2024-3044) ipa-client-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpmLinux
Ipa-client-common update (ELSA-2024-3044) ipa-client-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpmLinux
Ipa-client-common update (ELSA-2024-3044) ipa-client-common-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpmLinux
Ipa-client-epn update (ELSA-2024-3044) ipa-client-epn-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpmLinux
Ipa-client-epn update (ELSA-2024-3044) ipa-client-epn-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpmLinux
Ipa-client-samba update (ELSA-2024-3044) ipa-client-samba-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpmLinux
Ipa-client-samba update (ELSA-2024-3044) ipa-client-samba-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpmLinux
Ipa-common update (ELSA-2024-3044) ipa-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpmLinux
Ipa-common update (ELSA-2024-3044) ipa-common-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpmLinux
Ipa-healthcheck update (ELSA-2024-3044) ipa-healthcheck-0.12-3.module+el8.9.0+90094+20819f5a.noarch.rpmLinux
Ipa-healthcheck-core update (ELSA-2024-3044) ipa-healthcheck-core-0.12-3.module+el8.9.0+90094+20819f5a.noarch.rpmLinux
Ipa-healthcheck-core update (ELSA-2024-3044) ipa-healthcheck-core-0.12-3.module+el8.9.0+90095+d672673c.noarch.rpmLinux
Ipa-python-compat update (ELSA-2024-3044) ipa-python-compat-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpmLinux
Ipa-python-compat update (ELSA-2024-3044) ipa-python-compat-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpmLinux
Ipa-selinux update (ELSA-2024-3044) ipa-selinux-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpmLinux
Ipa-selinux update (ELSA-2024-3044) ipa-selinux-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpmLinux
Ipa-server update (ELSA-2024-3044) ipa-server-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpmLinux
Ipa-server-common update (ELSA-2024-3044) ipa-server-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpmLinux
Ipa-server-dns update (ELSA-2024-3044) ipa-server-dns-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpmLinux
Ipa-server-trust-ad update (ELSA-2024-3044) ipa-server-trust-ad-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpmLinux
Opendnssec update (ELSA-2024-3044) opendnssec-2.1.7-1.module+el8.9.0+90094+20819f5a.x86_64.rpmLinux
Python3-custodia update (ELSA-2024-3044) python3-custodia-0.6.0-3.module+el8.9.0+90094+20819f5a.noarch.rpmLinux
Python3-ipaclient update (ELSA-2024-3044) python3-ipaclient-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpmLinux
Python3-ipaclient update (ELSA-2024-3044) python3-ipaclient-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpmLinux
Python3-ipalib update (ELSA-2024-3044) python3-ipalib-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpmLinux
Python3-ipalib update (ELSA-2024-3044) python3-ipalib-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpmLinux
Python3-ipaserver update (ELSA-2024-3044) python3-ipaserver-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpmLinux
Python3-ipatests update (ELSA-2024-3044) python3-ipatests-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpmLinux
Python3-jwcrypto update (ELSA-2024-3044) python3-jwcrypto-0.5.0-1.1.module+el8.9.0+90094+20819f5a.noarch.rpmLinux
Python3-jwcrypto update (ELSA-2024-3044) python3-jwcrypto-0.5.0-1.1.module+el8.9.0+90095+d672673c.noarch.rpmLinux
Python3-kdcproxy update (ELSA-2024-3044) python3-kdcproxy-0.4-5.module+el8.9.0+90122+3305dc1d.noarch.rpmLinux
Python3-pyusb update (ELSA-2024-3044) python3-pyusb-1.0.0-9.1.module+el8.9.0+90094+20819f5a.noarch.rpmLinux
Python3-pyusb update (ELSA-2024-3044) python3-pyusb-1.0.0-9.1.module+el8.9.0+90095+d672673c.noarch.rpmLinux
Python3-qrcode update (ELSA-2024-3044) python3-qrcode-5.1-12.module+el8.9.0+90094+20819f5a.noarch.rpmLinux
Python3-qrcode update (ELSA-2024-3044) python3-qrcode-5.1-12.module+el8.9.0+90095+d672673c.noarch.rpmLinux
Python3-qrcode-core update (ELSA-2024-3044) python3-qrcode-core-5.1-12.module+el8.9.0+90094+20819f5a.noarch.rpmLinux
Python3-qrcode-core update (ELSA-2024-3044) python3-qrcode-core-5.1-12.module+el8.9.0+90095+d672673c.noarch.rpmLinux
Python3-yubico update (ELSA-2024-3044) python3-yubico-1.3.2-9.1.module+el8.9.0+90094+20819f5a.noarch.rpmLinux
Python3-yubico update (ELSA-2024-3044) python3-yubico-1.3.2-9.1.module+el8.9.0+90095+d672673c.noarch.rpmLinux
Slapi-nis update (ELSA-2024-3044) slapi-nis-0.60.0-4.module+el8.10.0+90297+bfe93ccc.x86_64.rpmLinux
Softhsm update (ELSA-2024-3044) softhsm-2.6.0-5.module+el8.9.0+90094+20819f5a.x86_64.rpmLinux
Softhsm-devel update (ELSA-2024-3044) softhsm-devel-2.6.0-5.module+el8.9.0+90094+20819f5a.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234