TROYANOSYVIRUS
Back to CVEs

CVE-2016-5404

N/A

Description

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.

CVE Details

CVSS v3.1 ScoreN/A
Published9/7/2016
Last Modified4/12/2025
Sourcenvd
Honeypot Sightings0

Affected Products

fedoraproject:fedorafreeipa:freeipaoracle:linux

Weaknesses (CWE)

CWE-284

References

http://rhn.redhat.com/errata/RHSA-2016-1797.html(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2016/08/17/9(secalert@redhat.com)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html(secalert@redhat.com)
http://www.securityfocus.com/bid/92525(secalert@redhat.com)
https://fedorahosted.org/freeipa/ticket/6232(secalert@redhat.com)
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2016-1797.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/08/17/9(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92525(af854a3a-2127-422b-91ae-364da2661108)
https://fedorahosted.org/freeipa/ticket/6232(af854a3a-2127-422b-91ae-364da2661108)
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.