CVE-2019-14867: Code Injection
First published: Wed Oct 30 2019(Updated: )
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/FreeIPA | <4.6.7 | 4.6.7 |
| redhat/FreeIPA | <4.7.4 | 4.7.4 |
| redhat/FreeIPA | <4.8.3 | 4.8.3 |
| pip/freeipa | >=4.8.0<4.8.3 | 4.8.3 |
| pip/freeipa | >=4.7.0<4.7.4 | 4.7.4 |
| pip/freeipa | >=4.6.2<4.6.7 | 4.6.7 |
| pip/ipa | >=4.8.0<4.8.3 | 4.8.3 |
| pip/ipa | >=4.7.0<4.7.4 | 4.7.4 |
| pip/ipa | >=4.6.2<4.6.7 | 4.6.7 |
| Red Hat FreeIPA | >=4.6.0<4.6.7 | |
| Red Hat FreeIPA | >=4.7.0<4.7.4 | |
| Red Hat FreeIPA | >=4.8.0<4.8.3 | |
| Red Hat Fedora | =30 | |
| Red Hat Fedora | =31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHBA-2019:4268
- https://access.redhat.com/errata/RHSA-2020:0378
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14867
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T/
- https://www.freeipa.org/page/Releases/4.6.7
- https://www.freeipa.org/page/Releases/4.7.4
- https://www.freeipa.org/page/Releases/4.8.3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1752973
- https://releases.pagure.org/freeipa
- https://pagure.io/freeipa/c/e11e73abc101361c0b66b3b958a64c9c8f6c608b.patch
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1777200
- https://access.redhat.com/security/cve/cve-2019-14867
- https://access.redhat.com/errata/RHSA-2020:1269
- https://bugzilla.redhat.com/show_bug.cgi?id=1766920
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF/
- https://nvd.nist.gov/vuln/detail/CVE-2019-14867
- https://github.com/pypa/advisory-db/tree/main/vulns/ipa/PYSEC-2019-28.yaml
- https://github.com/advisories/GHSA-7hpj-hfcr-5qwm (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/ipa/PYSEC-2019-28.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T
Frequently Asked Questions
What is the severity of CVE-2019-14867?
CVE-2019-14867 is classified as a moderate severity vulnerability due to the potential for an unauthenticated attacker to exploit it.
How do I fix CVE-2019-14867?
To fix CVE-2019-14867, upgrade FreeIPA to version 4.6.7, 4.7.4, or 4.8.3 or later.
Which versions of FreeIPA are affected by CVE-2019-14867?
CVE-2019-14867 affects FreeIPA versions prior to 4.6.7, 4.7.4, and 4.8.3.
Can CVE-2019-14867 be exploited remotely?
Yes, CVE-2019-14867 can be exploited remotely by an unauthenticated attacker.
What components of FreeIPA are impacted by CVE-2019-14867?
CVE-2019-14867 impacts the internal function ber_scanf() used to parse kerberos key data in the IPA server.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-14867
- agent/software-canonical-lookup
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-7hpj-hfcr-5qwm
- agent/last-modified-date
- agent/references
- agent/severity
- agent/event
- agent/author
- collector/github-advisory
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- package-manager/redhat
- package-manager/pip
- vendor/freeipa
- canonical/red hat freeipa
- version/red hat freeipa/4.6.0
- version/red hat freeipa/4.7.0
- version/red hat freeipa/4.8.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/30
- version/red hat fedora/31