CVE-2024-1481

NameCVE-2024-1481
DescriptionA flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3773-1
Debian Bugs1065106

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freeipa (PTS)buster (security), buster, buster (lts)4.7.2-3+deb10u1fixed
bookworm4.9.11-1vulnerable
sid4.12.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freeipasourcebuster4.7.2-3+deb10u1DLA-3773-1
freeipasource(unstable)4.12.2-11065106

Notes

[bookworm] - freeipa <ignored> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=2262169
https://pagure.io/freeipa/issue/9541
Fixed by: https://pagure.io/freeipa/c/404fe1018e08e546fd14c83741e00b900c1cd208 (release-4-12-0)
Fixed by: https://pagure.io/freeipa/c/33af154b7f2c92e199d10a36a48310da9b7e77a8 (release-4-12-0)
ipa-4.10: https://pagure.io/freeipa/c/921661fd460799da69043e06e058cff75a64ce3c
ipa-4.10: https://pagure.io/freeipa/c/204011dc0514681511275a4b70a13bfa85c1a538
ipa-4.9: https://pagure.io/freeipa/c/b039f3087a13de3f34b230dbe29a7cfb1965700d
ipa-4.9: https://pagure.io/freeipa/c/96a478bbedd49c31e0f078f00f2d1cb55bb952fd
For buster (and most likely later versions) the vulnerable rpcserver.py code
is not part of the provided binary packages. The kinit.py file is however and
it is not entirelly clear whether this may be used in a vulnerable way when
the client is used for authentication purposes.
FreeIPA in Debian only builds the client packages, not the server

Search for package or bug name: Reporting problems