CVE-2019-14867

Description

A flaw was found in IPA, in all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4, and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server that parsed Kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or, in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.

Risk Information

Base Score: 8.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 2.605

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-freeipa 4.6.7 | Windows
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-freeipa 4.7.4 | Windows
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-freeipa 4.8.3 | Windows
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-ipa 4.6.7 | Windows
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-ipa 4.7.4 | Windows
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-ipa 4.8.3 | Windows
(RHSA-2020:0378) ipa security and bug fix update ipa-client-4.6.5-11.el7_7.4.x86_64.rpm | Linux
(RHSA-2020:0378) ipa security and bug fix update ipa-client-common-4.6.5-11.el7_7.4.noarch.rpm | Linux
(RHSA-2020:0378) ipa security and bug fix update ipa-common-4.6.5-11.el7_7.4.noarch.rpm | Linux
(RHSA-2020:0378) ipa security and bug fix update ipa-python-compat-4.6.5-11.el7_7.4.noarch.rpm | Linux
(RHSA-2020:0378) ipa security and bug fix update ipa-server-4.6.5-11.el7_7.4.x86_64.rpm | Linux
(RHSA-2020:0378) ipa security and bug fix update ipa-server-common-4.6.5-11.el7_7.4.noarch.rpm | Linux
(RHSA-2020:0378) ipa security and bug fix update ipa-server-dns-4.6.5-11.el7_7.4.noarch.rpm | Linux
(RHSA-2020:0378) ipa security and bug fix update ipa-server-trust-ad-4.6.5-11.el7_7.4.x86_64.rpm | Linux
(RHSA-2020:0378) ipa security and bug fix update python2-ipaclient-4.6.5-11.el7_7.4.noarch.rpm | Linux
(RHSA-2020:0378) ipa security and bug fix update python2-ipalib-4.6.5-11.el7_7.4.noarch.rpm | Linux
(RHSA-2020:0378) ipa security and bug fix update python2-ipaserver-4.6.5-11.el7_7.4.noarch.rpm | Linux
Ipa-client update (ELSA-2020-0378) ipa-client-4.6.5-11.0.1.el7_7.4.x86_64.rpm | Linux
Ipa-server update (ELSA-2020-0378) ipa-server-4.6.5-11.0.1.el7_7.4.x86_64.rpm | Linux
Ipa-server-trust-ad update (ELSA-2020-0378) ipa-server-trust-ad-4.6.5-11.0.1.el7_7.4.x86_64.rpm | Linux
Ipa-client-common update (ELSA-2020-0378) ipa-client-common-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux
Ipa-common update (ELSA-2020-0378) ipa-common-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux
Ipa-python-compat update (ELSA-2020-0378) ipa-python-compat-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux
Ipa-server-common update (ELSA-2020-0378) ipa-server-common-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux
Ipa-server-dns update (ELSA-2020-0378) ipa-server-dns-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux
Python2-ipaclient update (ELSA-2020-0378) python2-ipaclient-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux
Python2-ipalib update (ELSA-2020-0378) python2-ipalib-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux
Python2-ipaserver update (ELSA-2020-0378) python2-ipaserver-4.6.5-11.0.1.el7_7.4.noarch.rpm | Linux
Bind-dyndb-ldap update (ELSA-2024-3044) bind-dyndb-ldap-11.6-4.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux
Custodia update (ELSA-2024-3044) custodia-0.6.0-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux
Ipa-client update (ELSA-2024-3044) ipa-client-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux
Ipa-client update (ELSA-2024-3044) ipa-client-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpm | Linux
Ipa-client-common update (ELSA-2024-3044) ipa-client-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux
Ipa-client-common update (ELSA-2024-3044) ipa-client-common-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux
Ipa-client-epn update (ELSA-2024-3044) ipa-client-epn-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux
Ipa-client-epn update (ELSA-2024-3044) ipa-client-epn-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpm | Linux
Ipa-client-samba update (ELSA-2024-3044) ipa-client-samba-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux
Ipa-client-samba update (ELSA-2024-3044) ipa-client-samba-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpm | Linux
Ipa-common update (ELSA-2024-3044) ipa-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux
Ipa-common update (ELSA-2024-3044) ipa-common-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux
Ipa-healthcheck update (ELSA-2024-3044) ipa-healthcheck-0.12-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux
Ipa-healthcheck-core update (ELSA-2024-3044) ipa-healthcheck-core-0.12-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux
Ipa-healthcheck-core update (ELSA-2024-3044) ipa-healthcheck-core-0.12-3.module+el8.9.0+90095+d672673c.noarch.rpm | Linux
Ipa-python-compat update (ELSA-2024-3044) ipa-python-compat-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux
Ipa-python-compat update (ELSA-2024-3044) ipa-python-compat-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux
Ipa-selinux update (ELSA-2024-3044) ipa-selinux-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux
Ipa-selinux update (ELSA-2024-3044) ipa-selinux-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux
Ipa-server update (ELSA-2024-3044) ipa-server-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux
Ipa-server-common update (ELSA-2024-3044) ipa-server-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux
Ipa-server-dns update (ELSA-2024-3044) ipa-server-dns-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux
Ipa-server-trust-ad update (ELSA-2024-3044) ipa-server-trust-ad-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux
Opendnssec update (ELSA-2024-3044) opendnssec-2.1.7-1.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux
Python3-custodia update (ELSA-2024-3044) python3-custodia-0.6.0-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux
Python3-ipaclient update (ELSA-2024-3044) python3-ipaclient-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux
Python3-ipaclient update (ELSA-2024-3044) python3-ipaclient-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux
Python3-ipalib update (ELSA-2024-3044) python3-ipalib-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux
Python3-ipalib update (ELSA-2024-3044) python3-ipalib-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux
Python3-ipaserver update (ELSA-2024-3044) python3-ipaserver-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux
Python3-ipatests update (ELSA-2024-3044) python3-ipatests-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux
Python3-jwcrypto update (ELSA-2024-3044) python3-jwcrypto-0.5.0-1.1.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux
Python3-jwcrypto update (ELSA-2024-3044) python3-jwcrypto-0.5.0-1.1.module+el8.9.0+90095+d672673c.noarch.rpm | Linux
Python3-kdcproxy update (ELSA-2024-3044) python3-kdcproxy-0.4-5.module+el8.9.0+90122+3305dc1d.noarch.rpm | Linux
Python3-pyusb update (ELSA-2024-3044) python3-pyusb-1.0.0-9.1.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux
Python3-pyusb update (ELSA-2024-3044) python3-pyusb-1.0.0-9.1.module+el8.9.0+90095+d672673c.noarch.rpm | Linux
Python3-qrcode update (ELSA-2024-3044) python3-qrcode-5.1-12.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux
Python3-qrcode update (ELSA-2024-3044) python3-qrcode-5.1-12.module+el8.9.0+90095+d672673c.noarch.rpm | Linux
Python3-qrcode-core update (ELSA-2024-3044) python3-qrcode-core-5.1-12.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux
Python3-qrcode-core update (ELSA-2024-3044) python3-qrcode-core-5.1-12.module+el8.9.0+90095+d672673c.noarch.rpm | Linux
Python3-yubico update (ELSA-2024-3044) python3-yubico-1.3.2-9.1.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux
Python3-yubico update (ELSA-2024-3044) python3-yubico-1.3.2-9.1.module+el8.9.0+90095+d672673c.noarch.rpm | Linux
Slapi-nis update (ELSA-2024-3044) slapi-nis-0.60.0-4.module+el8.10.0+90297+bfe93ccc.x86_64.rpm | Linux
Softhsm update (ELSA-2024-3044) softhsm-2.6.0-5.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux
Softhsm-devel update (ELSA-2024-3044) softhsm-devel-2.6.0-5.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-freeipa for linux 4.6.7 | Linux
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-freeipa for linux 4.7.4 | Linux
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-freeipa for linux 4.8.3 | Linux
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-ipa for linux 4.6.7 | Linux
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-ipa for linux 4.7.4 | Linux
Vulnerabilities CVE-2019-10195, CVE-2019-14867 are fixed in Python-ipa for linux 4.8.3 | Linux
