Name | CVE-2024-1481 |
Description | A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-3773-1 |
Debian Bugs | 1065106 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
freeipa (PTS) | buster (security), buster, buster (lts) | 4.7.2-3+deb10u1 | fixed |
| bookworm | 4.9.11-1 | vulnerable |
| sid | 4.11.1-2.1 | vulnerable |
The information below is based on the following data on fixed versions.
Notes
[bookworm] - freeipa <ignored> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=2262169
https://pagure.io/freeipa/issue/9541
ipa-4.10: https://pagure.io/freeipa/c/921661fd460799da69043e06e058cff75a64ce3c
ipa-4.10: https://pagure.io/freeipa/c/204011dc0514681511275a4b70a13bfa85c1a538
ipa-4.9: https://pagure.io/freeipa/c/b039f3087a13de3f34b230dbe29a7cfb1965700d
ipa-4.9: https://pagure.io/freeipa/c/96a478bbedd49c31e0f078f00f2d1cb55bb952fd
For buster (and most likely later versions) the vulnerable rpcserver.py code
is not part of the provided binary packages. The kinit.py file is however and
it is not entirelly clear whether this may be used in a vulnerable way when
the client is used for authentication purposes.
FreeIPA in Debian only builds the client packages, not the server