Vigil@nce - FreeIPA: denial of service via cert_revoke
October 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker who has the "retrieve certificate" permission can
revoke certificates on FreeIPA, in order to trigger a denial of
service.
– Impacted products: Fedora, FreeIPA, RHEL.
– Severity: 2/4.
– Creation date: 18/08/2016.
DESCRIPTION OF THE VULNERABILITY
The FreeIPA product can be used to manage authentication
certificates.
The cert_revoke command revokes a certificate. However, this
command does not check whether the caller holds the "revoke
certificate" permission; holding the "retrieve certificate"
permission is enough for the command to succeed.
An attacker who has the "retrieve certificate" permission can
therefore revoke certificates on FreeIPA, in order to trigger a
denial of service.
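As an added illustration of the flaw described above (this is a minimal model written for this bulletin, not FreeIPA's own code), the snippet below contrasts a revoke command that only checks the "retrieve certificate" permission with one that requires a distinct "revoke certificate" permission. The CertService class, the ACIError exception and the principal names are assumptions used only for the demonstration.

```python
# Added example: a minimal model of the missing-permission-check flaw.
# Not FreeIPA's code; CertService, ACIError and the principals below are
# assumptions used only to illustrate the bug and its hardened form.

class ACIError(Exception):
    """Raised when a caller lacks the permission a command requires."""

class CertService:
    # grants: constructed table mapping principal -> set of permission names
    def __init__(self, grants):
        self.grants = grants
        self.revoked = {}  # serial -> revocation reason code

    def _require(self, principal, permission):
        if permission not in self.grants.get(principal, set()):
            raise ACIError(f"{principal} lacks '{permission}'")

    def cert_revoke_vulnerable(self, principal, serial, reason=0):
        # Flawed behaviour from the bulletin: only the permission needed to
        # *retrieve* a certificate is checked, so it alone suffices to revoke.
        self._require(principal, "retrieve certificate")
        self.revoked[serial] = reason
        return True

    def cert_revoke_fixed(self, principal, serial, reason=0):
        # Hardened form: revocation is gated on its own permission.
        self._require(principal, "revoke certificate")
        self.revoked[serial] = reason
        return True

# Constructed sample principals: helpdesk may only look up certificates,
# the CA administrator may also revoke them.
GRANTS = {
    "helpdesk": {"retrieve certificate"},
    "ca-admin": {"retrieve certificate", "revoke certificate"},
}

def demo():
    """Returns (vulnerable_allowed, fixed_denied, admin_allowed)."""
    svc = CertService(GRANTS)
    vulnerable_allowed = svc.cert_revoke_vulnerable("helpdesk", 42)
    try:
        svc.cert_revoke_fixed("helpdesk", 43)
        fixed_denied = False
    except ACIError:
        fixed_denied = True
    admin_allowed = svc.cert_revoke_fixed("ca-admin", 44)
    return vulnerable_allowed, fixed_denied, admin_allowed

if __name__ == "__main__":
    print(demo())  # -> (True, True, True)
```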
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/FreeIPA-denial-of-service-via-cert-revoke-20426