CVE-2008-3274: Infoleak
First published: Mon Aug 04 2008(Updated: )
IPA contains a flaw in where installations of freipa/RHEIPA exposed the Master Kerberos Password through anonymous queries. The Master Kerberos Password is used to encrypt keys, however this flaw does not lead to individual keys being exposed. By itself this flaw has limited scope, but could be combined with a different flaw which could reveal user credentials.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Freeipa | <=1.1.0 | |
| Redhat Freeipa | =0.99 | |
| Redhat Enterprise Ipa | =1.0.0 | |
| Redhat Freeipa | =1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.freeipa.org/page/News
- http://www.securityfocus.com/bid/31111
- https://bugzilla.redhat.com/show_bug.cgi?id=457835
- http://rhn.redhat.com/errata/RHSA-2008-0860.html
- http://www.freeipa.org/page/Downloads
- http://www.freeipa.org/page/CVE-2008-3274
- http://secunia.com/advisories/31861
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html
- http://www.securitytracker.com/id?1020850
- http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314591&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314591&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314592&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314592&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314593&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314593&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314594&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314594&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314983&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314983&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314984&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314984&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314985&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314985&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314986&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314986&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314987&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314987&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314988&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314988&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314989&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=314989&action=edit
- https://admin.fedoraproject.org/updates/F8/FEDORA-2008-7987
- https://admin.fedoraproject.org/updates/F9/FEDORA-2008-8003
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/remedy
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-3274
- vendor/redhat
- canonical/redhat freeipa
- version/redhat freeipa/1.1.0
- version/redhat freeipa/0.99
- canonical/redhat enterprise ipa
- version/redhat enterprise ipa/1.0.0
- version/redhat freeipa/1.0.0