Vulnerability Description
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Freeipa | 2.0.0 |
Related Weaknesses (CWE)
References
- http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7
- http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e606
- http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed3
- http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d18
- http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d99
- http://rhn.redhat.com/errata/RHSA-2013-0188.html
- http://rhn.redhat.com/errata/RHSA-2013-0189.html
- http://www.freeipa.org/page/CVE-2012-5484 (Vendor Advisory)
- http://www.freeipa.org/page/Releases/3.1.2
FAQ
What is CVE-2012-5484?
CVE-2012-5484 is a vulnerability with a CVSS score of 7.9 (HIGH). The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure...
How severe is CVE-2012-5484?
CVE-2012-5484 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5484?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Freeipa.