CVE-2012-5484 - Vulnerability Details

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00532.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Freeipa

Configuration 1 [-]

OR	cpe:2.3:a:redhat:freeipa:2.0.0:::::::*
	cpe:2.3:a:redhat:freeipa:2.0.1:::::::*
	cpe:2.3:a:redhat:freeipa:2.1.0:::::::*
	cpe:2.3:a:redhat:freeipa:2.1.1:::::::*
	cpe:2.3:a:redhat:freeipa:2.1.3:::::::*
	cpe:2.3:a:redhat:freeipa:2.1.4:::::::*
	cpe:2.3:a:redhat:freeipa:2.2.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:freeipa:3.0.0:::::::*
	cpe:2.3:a:redhat:freeipa:3.0.1:::::::*
	cpe:2.3:a:redhat:freeipa:3.0.2:::::::*
	cpe:2.3:a:redhat:freeipa:3.1.1:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
ipa-client-0:2.1.3-5.el5_9.2	cpe:/o:redhat:enterprise_linux:5	RHSA-2013:0189	2013-01-23T00:00:00Z
Red Hat Enterprise Linux 6
ipa-0:2.2.0-17.el6_3.1	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0188	2013-01-23T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2013-0010	The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc
http://rhn.redhat.com/errata/RHSA-2013-0188.html
http://rhn.redhat.com/errata/RHSA-2013-0189.html
http://www.freeipa.org/page/CVE-2012-5484
http://www.freeipa.org/page/Releases/3.1.2
https://nvd.nist.gov/vuln/detail/CVE-2012-5484
https://www.cve.org/CVERecord?id=CVE-2012-5484

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-01-27T18:00:00

Updated: 2024-08-06T21:05:47.243Z

Reserved: 2012-10-24T00:00:00

Link: CVE-2012-5484

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-01-27T18:55:02.070

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-5484

Redhat

Severity : Important

Publid Date: 2013-01-23T00:00:00Z

Links: CVE-2012-5484 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object