CVE-2012-5484

Published: 27/01/2013 Updated: 07/02/2013
CVSS v2 Base Score: 7.9 | Impact Score: 10 | Exploitability Score: 5.5
VMScore: 703
Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The client in FreeIPA 2.x and 3.x prior to 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.

Vulnerable Product

redhat freeipa 2.0.0

redhat freeipa 2.1.0

redhat freeipa 2.0.1

redhat freeipa 2.2.1

redhat freeipa 2.1.4

redhat freeipa 2.1.3

redhat freeipa 2.1.1

redhat freeipa 3.1.1

redhat freeipa 3.0.2

redhat freeipa 3.0.1

redhat freeipa 3.0.0

Vendor Advisories

Synopsis: Important: ipa security update. Type/Severity: Security Advisory: Important. Topic: Updated ipa packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scorin ...

Synopsis: Important: ipa-client security update. Type/Severity: Security Advisory: Important. Topic: An updated ipa-client package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vul ...